|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
ICQLite executable trojaning
From: 3APA3A (3APA3A
SECURITY.NNOV.RU)
Date: Thu May 29 2003 - 06:22:47 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
bugtraq,
Title: ICQ Lite executable trojaning
Affected: ICQLite 2003a
Vendor: ICQ Inc
Vendor URL: http://www.icq.com
Risk: Average
Exploitable: Yes
Remote: No
Date: May, 29 2003
Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp
I. Intro:
ICQ Lite is popular internet messenger software. This is only ICQ
version which requires no elevated privileges (such as Power User) to
work, so, it's often used by corporate users and on public computers.
II. Problem:
During installation ICQLite silently adds
Intercative Users: Full Control
ACE to ACLs for Program Files\ICQ Lite directory.
It makes it possible to replace any executable file in this directory
and to obtain privileges of user launching ICQ Lite.
III. Workaround
Replace "Full Control" with "Change" permission for installation
directory and to "Read" permissions for all executable files (.exe and
.dll's).
--
http://www.security.nnov.ru
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A }
+-------------o66o--+ /
|/
You know my name - look up my number (The Beatles)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]