Security hole found in instant messaging app

Users of the instant messaging application ICQ are being urged to upgrade to the latest version of the software because of a...

Users of the instant messaging application ICQ are being urged to upgrade to the latest version of the software because of a potentially damaging bug, according to a notice on the ICQ Web site.

The hole is in the ICQ Voice Video & Games feature for versions earlier than 2001b, according to the notice. ICQ 2001b was released on 31 October last year.

According to the ICQ Web site, over 100 million people worldwide are registered as ICQ users.

ICQ is owned by America Online Time Warner (AOL), which earlier this month had to patch a hole in its other instant messaging product, AOL Instant Messenger (AIM).

The hole in ICQ is very similar, according to Daniel Tan, a US student who first reported the vulnerability in a posting to the Bugtraq mailing list.

Both ICQ and AIM are flawed in the way they handle a certain data packet. The packed causes a buffer overflow, which could allow an attacker to run code on a user's computer.

Details on how to exploit the vulnerability were not published because Tan wanted to give AOL time to fix its software.

Read more on Operating systems software

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close