This is very similar to the AIM overflow recently discovered. ICQ protocol uses the same TLV (2711) packet and there is a similar weakness in the parsing of the packet. The details of this vulnerability will not be released until a further time (when a patch has been implemented, probably). ICQ2000 clients are vulnerable. ICQ2001 clients do not appear to be vulnerable under default setup conditions. Execution of arbitary code is possible since EAX/EBX point to within the payload. Until AOL announces a patch/workaround, it is highly recommended to restrict receiving of events (other than normal messages) to contacts you know. ------------- Daniel Tan Class of 2004 Jerome Fisher Management & Technology Program University of Pennsylvania, USA datan@seas.upenn.edu datan@wharton.upenn.edu -------------
