
ICQ 6.5 HTML Injection Bug

August 19, 2009 by Jeff Hester  
Filed under ICQ

The venerable IM is vulnerable. SecuObs.com reports that version 6.5 of the popular instant messenger ICQ (“I seek you”) is vulnerable to an HTML-injection attack.

What does this mean?

The incoming message window in the vulnerable ICQ client works like a mini web browser. An attacker can try to exploit the vulnerability by sending a specially crafted message to the remote ICQ client. The malicious message can contain text that is interpreted and displayed in the incoming message window as HTML code. Potentially, arbitrary HTML could be injected.

There are two risks that have been identified:

1.  Information disclosure

For example, an attacker can inject an <IMG> tag that could lead to information disclosure (such as the remote client’s IP address, browser version, OS version, etc.).

2.  Spoofing

An attacker can spoof the ICQ client software’s system messages, interface elements (buttons, links) in the message window, etc. For example, this could be used to force ICQ users to click on the attacker’s malicious link.

The vulnerability exists in the latest build of ICQ 6.5, and may affect older versions as well.

As of yet, ICQ has not issued an update to fix this vulnerability. To be safe until they do, I suggest using an alternate, compatible IM client such as Trillian, Adium, Pidgin or Digsby.

An HTML-injection vulnerability exists in the official ICQ client software. The incoming message window in the vulnerable ICQ client has a web browser nature. An attacker can try to exploit the vulnerability by sending a specially crafted message to the remote ICQ client. The malicious message can contain text data which will be interpreted and displayed in the incoming message window as HTML code. Potentially, arbitrary HTML code could be injected.
Two impacts of the vulnerability have been detected:
1.  Information disclosure
For example, an attacker can inject an <IMG> tag that could lead to information disclosure (such as the remote client’s IP address, browser version, OS version, etc.).
2.  Spoofing
An attacker can spoof the ICQ client software’s system messages, interface elements (buttons, links) in the message window, etc. For example, it could be used to force ICQ users to click on the attacker’s malicious link.
Maybe other impacts are possible.
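
One way a client can avoid this class of bug, shown as an added example that is not ICQ's code or part of the original post: treat incoming message text as data, escape it before it reaches the HTML message pane, and let the client build the only markup (links) itself. The function names and sample messages are assumptions constructed for illustration.

```javascript
// Added example (not ICQ code): render untrusted IM text into an HTML message pane.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Neutralise every character that could open a tag, attribute or entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Hypothetical renderer: sender text is never parsed as HTML. The client
// itself emits the only tags (<a>, <br>), and only for http/https URLs.
function renderIncomingMessage(text) {
  const msg = String(text);
  const urlPattern = /https?:\/\/[^\s<>"']+/g;
  let html = '';
  let last = 0;
  for (const match of msg.matchAll(urlPattern)) {
    const url = match[0];
    html += escapeHtml(msg.slice(last, match.index));
    html += `<a href="${escapeHtml(url)}" rel="noopener noreferrer">${escapeHtml(url)}</a>`;
    last = match.index + url.length;
  }
  html += escapeHtml(msg.slice(last));
  return html.replace(/\r?\n/g, '<br>');
}

// Logging aid: flag messages that carry something shaped like an HTML tag.
function containsMarkup(text) {
  return /<\/?[a-zA-Z][^>]*>/.test(String(text));
}

// Constructed sample messages (not captured traffic).
const samples = [
  'lunch at 12?',
  '<img src="http://tracker.example/p.gif">',
  '<b>System message:</b> your session expired',
];

for (const s of samples) {
  console.log(containsMarkup(s) ? '[markup]' : '[plain] ', renderIncomingMessage(s));
}
```

With this approach the `<IMG>` case from the list above is displayed as literal text, so the message pane never fetches the remote image, and a spoofed "system message" shows its tags instead of being styled like client UI.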

Avoid Phishing Worms on WLM

April 14, 2009 by Doris Kenney  
Filed under Tutorials, Windows Live Messenger

Thank you to Jonathan Kay for giving his permission to repost his full blog entry from MessengerGeek on Live Spaces here for our BigBlueBall members. This is valuable information of which every WLM user should be aware. This is a wonderful explanation of what to watch out for, and what to do if you think you’ve been compromised.

As the most used instant messaging service in the world, it’s become more and more common to find your contacts sending out virus, spam and worm links through Messenger. There’s a lot of different types and different steps for removal, but the one most recently affecting people is a “phishing worm”.

Five Steps to Internet Security

August 27, 2003 by Dave Amenta  
Filed under Social Networks, Tutorials

The Internet is a world of information and knowledge; however, it’s a dangerous place. In this article I’ll give ways to keep your passwords more secure and I will give an example of how easily a password can be stolen. I’ll also show you some other great tips to keep secure online.