Re: ICQ Buffer Overflow Exploit

Subject: Re: ICQ Buffer Overflow Exploit
From: Nick Summy (doggystyleSHAKUR.NET)
Date: Wed Jan 19 2000 - 13:21:38 CST

• Next message: Tim Yardley: "explanation and code for stream.c issues"
• Previous message: what's your style?: "Unixware ppptalk"
• In reply to: Bryce Walter: "Re: ICQ Buffer Overflow Exploit"
• Reply: Nick Summy: "Re: ICQ Buffer Overflow Exploit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Not difficult at all, if anyone has ever though about it, here
http://www.student.nada.kth.se/~d95-mih/icq/ is a webpage that explains a
lot about the ICQ protocol, it also explains a little about AOL's

- Nick

Bryce Walter wrote:

> Yes, but how tough would it be to write your own client to send msgs on the
> icq network. MS did it w/ AOL's instant messenger. :)
>
> >I have been playing with this bug a little, and it seems that ICQ only
> >picks
> >up oversize messages when they are keyed in, and not when they are pasted.
> >maybe it wouldn't be so bad if this was fixed so that at least the client
> >couldn't be used to execute this attack. :-/
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com

• Next message: Tim Yardley: "explanation and code for stream.c issues"
• Previous message: what's your style?: "Unixware ppptalk"
• In reply to: Bryce Walter: "Re: ICQ Buffer Overflow Exploit"
• Reply: Nick Summy: "Re: ICQ Buffer Overflow Exploit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Thu Jan 20 2000 - 19:20:33 CST