>I suspect this bug is also exploitable from HTML email by including the >magic ICQ URL in an <IFRAME> tag embedded in the message. > >Richard This could also be exploited through html using the refresh meta tag... When viewing the originating email of this thread in the eudora 5.0 preview window, (while "Microsoft's viewer" [which is really just IE] was enabled in the options) the META tag was read and executed and the preview window was refreshed to show "[ICQ User] UIN= Email= NickName= FirstName= LastName=" I suspect this information was displayed rather then executed due to the fact that i don't have ICQ installed on this machine, and therefore no mime type exists for such content on this machine. I was unable to test this with ICQ installed since windows' and AOL's programming (mirabillis is owned by AOL, don't you know?) makes ICQ crash every time its started. However, this shows that its possible for a refresh meta tag to effect a PREVIEW window and execute the add user content. Can We Say, "Email Tracking"? This could be (scarily) used by spammers to track valid email addresses. With a simple program to interface with ICQ or an ICQ dummy client (that only listens for "User has added you" messages), the spammer would be able to verify the email address through the email address listed in the ICQ user's profile, the spammer now also has the user's ICQ number, giving them yet another medium to spam over. Just more scary they're-all-out-to-get-you things to think about =) - Chris >-----Original Message----- >From: AreS [mailto:ares@security-downloads.com] >Sent: Wednesday, August 22, 2001 6:14 PM >To: BUGTRAQat_private >Subject: Hexyn / Securax Advisory #22 - ICQ Forced Auto-Add Users > > >Hexyn / Securax Advisory #22 - ICQ Forced Auto-Add Users > >Topic: ICQ Forced Auto-Add Users >Announced: 2001-08-17 >Affects: ICQ 200x* up to 2001a Alpha > >DISCLAIMER: >*********** >THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR RESULTS. >THEREFORE WE CANNOT ENSURE YOU THE INFORMATION BELOW IS 100% CORRECT. >THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT PRIOR NOTICE. > >I. Problem Description >********************** >ICQ is a popular and free chat program, with over 108,022,319 users all >over the world. When ICQ is installed, it adds a Content-Type to >Microsoft Internet Exploder, the "application/x-icq" type. When IE >receives "Content-Type: application/x-icq" from a web server and >following content:
This archive was generated by hypermail 2b30 : Sat Aug 25 2001 - 01:14:57 PDT