News

Security hole found in instant messaging app

Users of the instant messaging application ICQ are being urged to upgrade to the latest version of the software because of a potentially damaging bug, according to a notice on the ICQ Web site.

The hole is in the ICQ Voice Video & Games feature for versions earlier than 2001b, according to the notice. ICQ 2001b was released on 31 October last year.

According to the ICQ Web site, over 100 million people worldwide are registered as ICQ users.

ICQ is owned by America Online Time Warner (AOL), which earlier this month had to patch a hole in its other instant messaging product, AOL Instant Messenger (AIM).

The hole in ICQ is very similar, according to Daniel Tan, a US student who first reported the vulnerability in a posting to the Bugtraq mailing list.

Both ICQ and AIM are flawed in the way they handle a certain data packet. The packed causes a buffer overflow, which could allow an attacker to run code on a user's computer.

Details on how to exploit the vulnerability were not published because Tan wanted to give AOL time to fix its software.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy