Re: ICQ Buffer Overflow Exploit

From: Jeremy Johnson (jjohnsonat_private)
Date: Wed Jan 19 2000 - 03:05:22 PST

Next message: Kevin Matthew: "Re: IIS still revealing paths for web directories"

Previous message: Brock Tellier: "Re: Microsoft Security Bulletin (MS00-005)"
Maybe in reply to: drew copley: "ICQ Buffer Overflow Exploit"
Next in thread: Dylan Griffiths: "Re: ICQ Buffer Overflow Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

not hard at all, numerous have already been written for linux/BSD.

http://www.freshmeat.net/search.php3?query=icq

At 07:43 PM 1/18/00 +0000, Bryce Walter wrote:
>Yes, but how tough would it be to write your own client to send msgs on the
>icq network.  MS did it w/ AOL's instant messenger.  :)
>
>
>
>>I have been playing with this bug a little, and it seems that ICQ only
>>picks
>>up oversize messages when they are keyed in, and not when they are pasted.
>>maybe it wouldn't be so bad if this was fixed so that at least the client
>>couldn't be used to execute this attack. :-/
>
>______________________________________________________
>Get Your Private, Free Email at http://www.hotmail.com

Next message: Kevin Matthew: "Re: IIS still revealing paths for web directories"
Previous message: Brock Tellier: "Re: Microsoft Security Bulletin (MS00-005)"
Maybe in reply to: drew copley: "ICQ Buffer Overflow Exploit"
Next in thread: Dylan Griffiths: "Re: ICQ Buffer Overflow Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:29:11 PDT