Re: ICQ Buffer Overflow Exploit

From: x-x-x-x-x-x-x-x-x (sadararat_private)
Date: Tue Jan 18 2000 - 00:10:12 PST

Next message: Michael Howard: "Re: MS IIS 5.0 Access Violation on handling URL String"

Previous message: Darren Reed: "Re: XML in IE 5.0"
Maybe in reply to: drew copley: "ICQ Buffer Overflow Exploit"
Next in thread: Bryce Walter: "Re: ICQ Buffer Overflow Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----Original Message-----
From: Thomas Maschutznig <hntat_private>
To: BUGTRAQat_private <BUGTRAQat_private>
Date: 18 January 2000 02:28
Subject: Re: ICQ Buffer Overflow Exploit

-snip-
:but if you start with http://www... ICQ doesnt seem to check it and
:messages with 2000 characters were no problem.
:

I have been playing with this bug a little, and it seems that ICQ only picks
up oversize messages when they are keyed in, and not when they are pasted.
maybe it wouldn't be so bad if this was fixed so that at least the client
couldn't be used to execute this attack. :-/

Next message: Michael Howard: "Re: MS IIS 5.0 Access Violation on handling URL String"
Previous message: Darren Reed: "Re: XML in IE 5.0"
Maybe in reply to: drew copley: "ICQ Buffer Overflow Exploit"
Next in thread: Bryce Walter: "Re: ICQ Buffer Overflow Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:28:41 PDT