-possible- Bufferoverflow in ICQ 2001b

From: tsr (tsr_haccat_private)
Date: Fri Feb 08 2002 - 13:38:11 PST


    Bufferoverflow in ICQ 2001b
    ---------------------------
    by tSR
    tsr_haccat_private
    
    Summary:
    --------
    
    Loading a manipulated picture in User Details will crash ICQ.
    Only ICQ Version 2001b Build # 3659 was tested with Windows 98SE.
    
    
    The Original File (picoriginal.jpg):
    
    000000A0 0011 0800 7E00 7803 0122 0002 1101 0311 ....~.x.."......
                    |__________|
    Here stand the height and width of the .jpg file.
    
    
    The Manipulated File (picmanipulated.jpg):
    
    000000A0 0011 08FF FFFF FFFF 0122 0002 1101 0311 ........."......
    
    
    It works like the overflow in RealPlayer some days ago.
    
    
    Example:
    --------
    
    1. Unpack the attached picmanipulated.jpg file.
    2. Start ICQ and go to ICQ -> View / Change My Details.
    3. Go to Picture and Browse to the picmanipulated.jpg file and click on OK.
    
    If your System/ICQ is vuln. ICQ will crash.
    
    
    PS: If ICQ crashes start it again and check if the pic is not saved.
    If it is saved ICQ will crash again, you must go to your ICQ directory
    and delete the InfoYOURICQNUMBER.dat in the Plugins folder.
    (e.g.: C:\Programme\ICQ\Plugins\Info\Info1234567890.dat)
    
    
    Oh yes, before I forget it: I know that I do not have perfect English. ;)
    
    
    tSR
    
    
    grtz to all who know me :)
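
A defensive check for the header fields shown in the two hex rows, as an added example that is not part of the original post or of ICQ's code. It assumes the row holds the body of a JPEG start-of-frame segment (length, precision, height, width, component count); `sof_check`, `MAX_DIM` and the error codes are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: validate frame-header fields before any buffer is sized from them. */
enum { SOF_OK = 0, SOF_SHORT = -1, SOF_BAD_DIM = -2, SOF_BAD_COMP = -3, SOF_BAD_LEN = -4 };
#define MAX_DIM 4096u   /* assumed policy limit for a user-details picture */

struct sof_info { unsigned height, width, ncomp; size_t pixel_bytes; };

static unsigned be16(const unsigned char *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* seg points at the segment length field, i.e. the bytes right after the marker. */
int sof_check(const unsigned char *seg, size_t avail, struct sof_info *out)
{
    if (avail < 8) return SOF_SHORT;          /* length(2) precision(1) h(2) w(2) ncomp(1) */
    unsigned len = be16(seg);
    unsigned height = be16(seg + 3), width = be16(seg + 5), ncomp = seg[7];

    if (height == 0 || width == 0 || height > MAX_DIM || width > MAX_DIM)
        return SOF_BAD_DIM;                   /* rejects 0xFFFF x 0xFFFF */
    if (ncomp < 1 || ncomp > 4) return SOF_BAD_COMP;
    if (len != 8u + 3u * ncomp) return SOF_BAD_LEN;   /* declared length must match */

    /* 64-bit product; bounded by MAX_DIM * MAX_DIM * 4, so it fits size_t. */
    uint64_t need = (uint64_t)height * width * ncomp;
    out->height = height; out->width = width; out->ncomp = ncomp;
    out->pixel_bytes = (size_t)need;
    return SOF_OK;
}

/* The two rows at offset 0xA0, typed from the hex dumps in the post. */
static const unsigned char row_original[16] = {
    0x00,0x11,0x08,0x00,0x7E,0x00,0x78,0x03,0x01,0x22,0x00,0x02,0x11,0x01,0x03,0x11 };
static const unsigned char row_manipulated[16] = {
    0x00,0x11,0x08,0xFF,0xFF,0xFF,0xFF,0xFF,0x01,0x22,0x00,0x02,0x11,0x01,0x03,0x11 };

int main(void)
{
    struct sof_info i = {0};
    int rc = sof_check(row_original, sizeof row_original, &i);
    printf("original:    rc=%d %ux%u comps=%u bytes=%zu\n",
           rc, i.width, i.height, i.ncomp, i.pixel_bytes);
    rc = sof_check(row_manipulated, sizeof row_manipulated, &i);
    printf("manipulated: rc=%d\n", rc);
    return 0;
}
```

In the manipulated row the byte after the two dimension fields is also 0xFF, so the component count and the declared segment length would fail their checks as well if the dimension test were removed.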
    
    


