bugtraq@, Title: ICQ Lite executable trojaning Affected: ICQLite 2003a Vendor: ICQ Inc Vendor URL: http://www.icq.com Risk: Average Exploitable: Yes Remote: No Date: May, 29 2003 Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp I. Intro: ICQ Lite is popular internet messenger software. This is only ICQ version which requires no elevated privileges (such as Power User) to work, so, it's often used by corporate users and on public computers. II. Problem: During installation ICQLite silently adds Intercative Users: Full Control ACE to ACLs for Program Files\ICQ Lite directory. It makes it possible to replace any executable file in this directory and to obtain privileges of user launching ICQ Lite. III. Workaround Replace "Full Control" with "Change" permission for installation directory and to "Read" permissions for all executable files (.exe and .dll's). -- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } +-------------o66o--+ / |/ You know my name - look up my number (The Beatles)
This archive was generated by hypermail 2b30 : Thu May 29 2003 - 23:43:51 PDT