ICQ 7 does not check the identity of the update server or the authenticity of the updates that it downloads through its automatic update mechanism. By impersonating the update server (for example through DNS spoofing), an attacker can act as the update server and deliver arbitrary files that are executed on the next launch of the ICQ client. Because ICQ by default launches automatically right after Windows boots and checks for updates on every start, the attack is very reliable. Proof of concept code included.
04f110048b2b3c991e27e6d5e6a6d9b83938b41ab60b12fc8ec01f2728817316
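
The two checks described above as missing (who sent the update, and whether the file is the one the vendor released) can be sketched on the client side as follows. This is an added example, not ICQ's code and not the advisory's proof of concept; the manifest layout, the file name and all function names are assumptions, and a throwaway key stands in for a vendor key shipped with the client.

```go
// Added example: hypothetical updater check; manifest layout and names are assumptions.
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a constructed format: file name plus lowercase hex SHA-256 of its content.
type Manifest struct {
	File   string `json:"file"`
	SHA256 string `json:"sha256"`
}

// VerifyUpdate accepts payload only if sig is a valid Ed25519 signature over the raw
// manifest bytes under the pinned key and payload hashes to the digest in that manifest.
func VerifyUpdate(pub ed25519.PublicKey, manifest, sig, payload []byte) error {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, manifest, sig) {
		return errors.New("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(manifest, &m); err != nil {
		return fmt.Errorf("manifest parse: %w", err)
	}
	if got := sha256.Sum256(payload); hex.EncodeToString(got[:]) != m.SHA256 {
		return errors.New("payload digest mismatch")
	}
	return nil
}

// constructedRelease builds sample data: a fresh key pair, a payload and its signed manifest.
func constructedRelease() (ed25519.PublicKey, []byte, []byte, []byte) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	payload := []byte("constructed update payload")
	sum := sha256.Sum256(payload)
	manifest, _ := json.Marshal(Manifest{File: "update.bin", SHA256: hex.EncodeToString(sum[:])})
	return pub, manifest, ed25519.Sign(priv, manifest), payload
}

func main() {
	pub, manifest, sig, payload := constructedRelease()
	fmt.Println("genuine:", VerifyUpdate(pub, manifest, sig, payload))
	fmt.Println("swapped:", VerifyUpdate(pub, manifest, sig, []byte("attacker file")))
}
```

With a check of this kind in place, a spoofed server can still answer the update request, but nothing it returns passes verification without the vendor's private key. A production manifest would also carry a version number so that a replayed older release is rejected.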