Security hole found in instant messaging app


Security hole found in instant messaging app

Users of the instant messaging application ICQ are being urged to upgrade to the latest version of the software because of a potentially damaging bug, according to a notice on the ICQ Web site.

The hole is in the ICQ Voice Video & Games feature for versions earlier than 2001b, according to the notice. ICQ 2001b was released on 31 October last year.

According to the ICQ Web site, over 100 million people worldwide are registered as ICQ users.

ICQ is owned by America Online Time Warner (AOL), which earlier this month had to patch a hole in its other instant messaging product, AOL Instant Messenger (AIM).

The hole in ICQ is very similar, according to Daniel Tan, a US student who first reported the vulnerability in a posting to the Bugtraq mailing list.

Both ICQ and AIM are flawed in the way they handle a certain data packet. The packed causes a buffer overflow, which could allow an attacker to run code on a user's computer.

Details on how to exploit the vulnerability were not published because Tan wanted to give AOL time to fix its software.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy