my apologies... After making the discovery that the overflow occurs even with DC with the remote client, I have to deduce that parsing of the TLV packet is NOT at fault in this case. Reason: TLV packets are those that go through the servers. But DC connections do not use them. I believe it is in the creation of the message event that the buffer overflow occurs. An important difference with the AIM overflow is that the user has to doubleclick on the contact to receive the event for the overflow to occur. But I believe this is still a risk since most people would double click on their events anyway. elijah wright wrote: > > > This is very similar to the AIM overflow recently discovered. > > ICQ protocol uses the same TLV (2711) packet and there is a similar > > weakness in the parsing of the packet. > > duh, that's because its essentially the same protocol. :) > > ICQ clients should probably be viewed with the same suspicion as the > vulnerable AIM clients. > > elijah
