AOL ICQ vulnerabilities
Core Security released two ICQ related advisories today.
One for ICQ tool bar for IE and another for AOL's ICQ client.
Since Core Security states they used a fuzzier to discover these issues
I suspect there will be other ICQ vulnerabilities discovered and announced by them in the future.
"Advisory ID: CORE-2006-0322
Multiple vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510
Security problems found in the ICQ Toolbar v1.3 may allow attackers to
control and change configuration settings and to inject scripting code
in RSS feed contents and execute it in the contexts of the feed
interface (IE's Local Zone)
Vulnerable Packages:
The following AOL/ICQ software products are affected by these issues:
Remote configuration vulnerability
ICQ Toolbar 1.3 for Internet Explorer
Malicious RSS feed vulnerability
ICQ Toolbar 1.3 for Internet Explorer
ICQ Search Plugin for Mozilla / Firefox is reported as not being vulnerable.
Advisory ID: CORE-2006-0321
AOL ICQ Pro 2003b heap overflow vulnerability
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509
A vulnerability in AOL's ICQ Pro 2003b instant messenger client could
lead to denial of service attacks and remote compromise of systems
running vulnerable versions of the client.
Vulnerable Packages:
The following AOL/ICQ software products are affected by this issue:
ICQ Pro 2003b Build #3916 and previous.
Non-vulnerable Packages:
ICQ 5.1 and ICQ2Go!
AOL and ICQ recommend that users upgrade to the latest version of the
ICQ client: ICQ 5.1"
One for ICQ tool bar for IE and another for AOL's ICQ client.
Since Core Security states they used a fuzzier to discover these issues
I suspect there will be other ICQ vulnerabilities discovered and announced by them in the future.
"Advisory ID: CORE-2006-0322
Multiple vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510
Security problems found in the ICQ Toolbar v1.3 may allow attackers to
control and change configuration settings and to inject scripting code
in RSS feed contents and execute it in the contexts of the feed
interface (IE's Local Zone)
Vulnerable Packages:
The following AOL/ICQ software products are affected by these issues:
Remote configuration vulnerability
ICQ Toolbar 1.3 for Internet Explorer
Malicious RSS feed vulnerability
ICQ Toolbar 1.3 for Internet Explorer
ICQ Search Plugin for Mozilla / Firefox is reported as not being vulnerable.
Advisory ID: CORE-2006-0321
AOL ICQ Pro 2003b heap overflow vulnerability
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509
A vulnerability in AOL's ICQ Pro 2003b instant messenger client could
lead to denial of service attacks and remote compromise of systems
running vulnerable versions of the client.
Vulnerable Packages:
The following AOL/ICQ software products are affected by this issue:
ICQ Pro 2003b Build #3916 and previous.
Non-vulnerable Packages:
ICQ 5.1 and ICQ2Go!
AOL and ICQ recommend that users upgrade to the latest version of the
ICQ client: ICQ 5.1"
Keywords:
0 comment(s)
Is someone watching your internet traffic or telephone calls?
MattM provide this interesting news item to me today.
It is an interesting read.
However given the options to hide the path your packets take that are available to most ISPs today I would be surprised if they would make this monitoring so noticeable. Simply tracerouting to see if you packets go through sffca.ip.att.net is too simple of a detection method.
For more details see the link.
The Newbie's Guide to Detecting the NSA
http://radar.oreilly.com/archives/2006/06/the_newbies_guide_to_detecting.html
It is an interesting read.
However given the options to hide the path your packets take that are available to most ISPs today I would be surprised if they would make this monitoring so noticeable. Simply tracerouting to see if you packets go through sffca.ip.att.net is too simple of a detection method.
For more details see the link.
The Newbie's Guide to Detecting the NSA
http://radar.oreilly.com/archives/2006/06/the_newbies_guide_to_detecting.html
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments
www
Nov 17th 2022
4 months ago
EEW
Nov 17th 2022
4 months ago
qwq
Nov 17th 2022
4 months ago
mashood
Nov 17th 2022
4 months ago
isc.sans.edu
Nov 23rd 2022
4 months ago
isc.sans.edu
Nov 23rd 2022
4 months ago
isc.sans.edu
Dec 3rd 2022
3 months ago
isc.sans.edu
Dec 3rd 2022
3 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
3 months ago
isc.sans.edu
Dec 26th 2022
3 months ago