ICQ: A Blast from the Past

by | Jun 6, 2024

After 28 years of service, ICQ, one of the pioneering instant messaging platforms, is finally shutting down its servers. This marks the end of an era for a tool that has witnessed the evolution of online communication since its launch in 1996. As we bid farewell to ICQ, it’s an opportune moment to reflect on its history and the security challenges it has faced over the years. Our research aims to provide a comprehensive overview of ICQ’s journey, highlighting significant security incidents and vulnerabilities that have persisted over nearly three decades. This retrospective not only honors ICQ’s legacy but also underscores the enduring nature of certain cyber security threats.

RANSOMWARE: A Hostage Situation on ICQ

A long time ago in an internet far far away, one of the first ransomware attacks took place. One of the most notable security breaches in ICQ’s history occurred when an account was held hostage for ransom. In this incident, a hacker took over a user’s identification number (UIN) and demanded $100 to release it. This case highlights the vulnerabilities in the ICQ platform and the persistent threats faced by its users.

In the early 2000s, Dale Ficken, a Webcasting consultant, found himself locked out of his ICQ account. A hacker had gained unauthorized access to his password and UIN, which he had used for four years, accumulating valuable business contacts. Ficken’s UIN was hijacked, and the hacker demanded a ransom of $100 for its return.

America Online (AOL), which had acquired ICQ, confirmed the breach and restored Ficken’s UIN after two days. AOL’s investigation suggested that the compromise was likely due to a Trojan horse virus that had stolen Ficken’s password. While AOL treated this as an isolated incident, security experts pointed out that ICQ and similar instant messaging services were highly susceptible to such attacks.

Alfred Huger, vice president of engineering at SecurityFocus.com, noted that ICQ had multiple known exploits, including a buffer overflow vulnerability that could allow attackers to gain control of a user’s computer. Despite AOL’s efforts to address these security issues, the incident demonstrated the ongoing risk posed by malicious software concealed within innocent-looking files.

The hijacker, who claimed to be part of a group of Russian hackers, was believed to be targeting early ICQ UINs, which were considered prestigious among hackers. Ficken’s experience underscored the broader issue of cybercriminals exploiting vulnerabilities in popular software to extort users.

ACCOUNT TAKEOVER: Trojan Horse Steals ICQ Users’ Identities

One of the major breaches occurred in 1999, when hundreds of ICQ users found their accounts compromised by a Trojan horse virus. Reported in September 1999, the incident involved a malicious program disguised as a JPEG image file. When users downloaded and opened the file, the Trojan horse stole their passwords and took control of their ICQ accounts.

ICQ, which had over 42 million registrations at the time, identified users by numerical IDs. Shorter numerical IDs, particularly those from the early days of ICQ, were considered prestigious and became prime targets for theft. Hackers distributed the Trojan horse via email, exploiting the allure of seemingly harmless image files to gain access to users’ accounts.

America Online (AOL), which had acquired ICQ the previous year, acknowledged the breach and implemented measures to verify the authenticity of accounts and restore control to their rightful owners. Despite these efforts, approximately 200 users reported having their passwords stolen during this wave of attacks.

The incident highlighted the vulnerabilities associated with ICQ’s user identification system and the ongoing risk of Trojan horse viruses, which continue to be a threat in the digital landscape. AOL’s response underscored the importance of robust security protocols and user education in mitigating such risks.

PHISHING ATTACK: Bizex Worm Infects ICQ Users

In a significant security incident, ICQ users were targeted by the Bizex worm, causing the first global epidemic among users of the instant messaging system. Detected by Kaspersky Lab, Bizex infected approximately 50,000 computers worldwide through phishing attacks. Users received invitations via ICQ to visit a hacker’s website (http://www.jokeworld.biz/index.html), which displayed content from Joe Cartoon to disguise its malicious intent.

The website exploited vulnerabilities in Internet Explorer and Windows to download and launch the Bizex worm on the user’s computer. Once installed, Bizex created a folder named SYSMON in the Windows system directory, copied itself as SYSMON.EXE, and registered in the system registry auto-run key. This ensured the worm would load each time the operating system started. Bizex then accessed the ICQ contact list, disconnected the active ICQ client, and sent the malicious link to all contacts, further spreading the infection.

The worm’s payloads were varied and dangerous, leading to the theft of confidential information, including payment system details and login credentials for various email systems. Among the targeted payment systems were:

  • Wells Fargo
  • American Express UK
  • Barclaycard
  • Credit Lyonnais
  • Lloyds
  • E-gold

Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab, noted the sophistication of Bizex: “The new method of penetration, the fact that ICQ has not been used for such an attack before, and the wide range of spy functions – this combination is sure to reap huge profits for the author of Bizex.”

Kaspersky Lab quickly added protection against Bizex to their Anti-Virus database, emphasizing the need for users to be cautious about visiting suspicious sites and to promptly install updates for Internet Explorer and Windows.

Bizex IoCs for the nostalgia:

  • MD5 – 9d3574051db8716b39c62628e0e41c23
  • SHA-1 – fe339e89013a194e1206209397ded98485405663
  • SHA-256 – e13422d9d35231c40986c5814c0b4c62d8e418d0397606f43c19c009a21215e7

The latest report on the malware has been detailed by VirusTotal.
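The persistence layout and hashes described above lend themselves to a simple host check. The following is an added example written for this article, not code from the original post or from Kaspersky Lab: it parses a constructed .reg export of the Run keys, flags any entry whose executable is SYSMON.EXE in a SYSMON folder under the Windows system directory, and compares file digests against the Bizex hashes listed above. The exact auto-run key and the system directory paths are assumptions, since the page does not name them.

```python
import hashlib
import re
from typing import Dict, List

# Bizex indicators as quoted on the page (MD5, SHA-1, SHA-256 of the sample).
BIZEX_HASHES = {
    "md5": "9d3574051db8716b39c62628e0e41c23",
    "sha1": "fe339e89013a194e1206209397ded98485405663",
    "sha256": "e13422d9d35231c40986c5814c0b4c62d8e418d0397606f43c19c009a21215e7",
}

# The page only says "the system registry auto-run key"; both the machine-wide
# and the per-user Run keys are checked here (assumption).
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)

# Assumed install location and system directories of a period Windows host.
ENV = {"%SYSTEMROOT%": r"C:\WINDOWS", "%WINDIR%": r"C:\WINDOWS"}
SYSTEM_DIRS = (r"C:\WINDOWS\SYSTEM32", r"C:\WINDOWS\SYSTEM")

# Constructed registry export: one benign entry, one Bizex-style entry, one ICQ client.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SysMon"="C:\\WINDOWS\\system32\\SYSMON\\SYSMON.EXE"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ Lite"="C:\\Program Files\\ICQLite\\ICQLite.exe"
'''

EXE_RE = re.compile(r'^"?([^"]*?\.exe)\b', re.IGNORECASE)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal .reg parser: key -> {value name: data}, REG_SZ values only."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"') and "=" in line:
            name, data = line.split("=", 1)
            # .reg files escape backslashes in string data as "\\".
            keys[current][name.strip('"')] = data.strip().strip('"').replace("\\\\", "\\")
    return keys


def executable_of(command: str) -> str:
    """Return the executable path from a Run value (quoted or not, with args)."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def expand(path: str) -> str:
    """Upper-case the path and expand the environment variables we assume."""
    up = path.upper().strip().strip('"')
    for var, val in ENV.items():
        up = up.replace(var, val)
    return up


def is_bizex_autorun(command: str) -> bool:
    """SYSMON\\SYSMON.EXE directly under a system directory, as the page describes."""
    exe = expand(executable_of(command))
    in_sysdir = any(exe.startswith(d + "\\") for d in SYSTEM_DIRS)
    return in_sysdir and exe.endswith(r"\SYSMON\SYSMON.EXE")


def find_bizex_autoruns(reg_text: str) -> List[Dict[str, str]]:
    """Scan the Run keys of a .reg export and return the suspicious entries."""
    wanted = {k.upper() for k in RUN_KEYS}
    hits = []
    for key, values in parse_reg_export(reg_text).items():
        if key.upper() not in wanted:
            continue
        for name, command in values.items():
            if is_bizex_autorun(command):
                hits.append({"key": key, "value": name, "command": command})
    return hits


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 hex digests of a file's contents."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def matches_bizex_hash(digest: str) -> bool:
    """True when any computed digest equals one of the page's Bizex hashes."""
    return digest.lower() in BIZEX_HASHES.values()


if __name__ == "__main__":
    for hit in find_bizex_autoruns(SAMPLE_REG):
        print(f"suspicious auto-run: {hit['key']} \\ {hit['value']} = {hit['command']}")
```

On a live host, the same functions run over an export produced with `reg export` and over `hash_bytes(open(path, "rb").read())` for the flagged executable.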

MALVERTIZING CAMPAIGN: Fake Antivirus Ads on ICQ

In another notable security incident, ICQ users were targeted by a sophisticated malvertising campaign involving fake antivirus warnings. Discovered by Kaspersky Lab, this attack primarily affected users in Russia and Eastern Europe.

The malicious ads appeared in the ICQ window, masquerading as an advertisement for a women’s clothing company, Charlotte Russe. Clicking on the ad redirected users to the legitimate Charlotte Russe website. However, around the same time, a pop-up from a rogue antivirus program called “Antivirus8” appeared, falsely claiming that suspicious activity had been detected on the system and urging users to download the fake antivirus software.

Roel Schouwenberg, a senior antivirus researcher at Kaspersky, noted that this malware attack was unique because the scareware pop-up appeared without any user interaction, such as clicking on a malicious link. Instead, the pop-up was triggered by the display of new ads within ICQ.

Further investigation revealed that the ad image linked to the fake antivirus pop-up was hosted on a server unrelated to the clothing retailer. This indicated that the attackers had gone to great lengths to make their campaign appear legitimate, tricking the ad server, yieldmanager, into approving and running the ads.

Schouwenberg speculated that two fraud gangs might be involved in the attack—one responsible for creating the fake antivirus software and another for distributing the malware through ICQ ads. This level of coordination and sophistication is unusual and demonstrates the high level of skill involved in the attack.


Key Lessons from ICQ’s History

The journey of ICQ, from its launch in 1996 to its recent shutdown, is a testament to the evolution of online communication and the persistent challenges in cybersecurity. Over nearly three decades, ICQ experienced numerous security breaches, each highlighting different vulnerabilities and threats that remain relevant today.

The security challenges faced by ICQ are not relics of the past; they continue to manifest in various forms today. Modern messaging platforms, social media sites, and other online services still grapple with ransomware, phishing, account takeovers, and malvertising. By studying ICQ’s history, we can glean valuable insights into the nature of these threats and the importance of maintaining vigilant cybersecurity practices.


ICQ Vulnerabilities through the Years:

CVE – Description
CVE-2011-4601 – family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.
CVE-2011-0487 – ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.
CVE-2009-3615 – The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.
CVE-2009-1915 – Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder that contains this file.
CVE-2009-1889 – The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.
CVE-2009-0769 – QIP 2005 build 8082 allows remote attackers to cause a denial of service (CPU consumption and application hang) via a crafted Rich Text Format (RTF) ICQ message, as demonstrated by an {\rtf\pict\&&} message. NOTE: the vulnerability may be in Sergey Tkachenko TRichView. If so, then this should not be treated as a vulnerability in QIP.
CVE-2008-7136 – toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135.
CVE-2008-7135 – toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136.
CVE-2008-3191 – Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action.
CVE-2008-1920 – Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message.
CVE-2008-1120 – Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation.
CVE-2007-5590 – Multiple buffer overflows in Miranda before 0.7.1 allow remote attackers to execute arbitrary code via unspecified vectors involving (1) IRC options, (2) Jabber forms, and unspecified aspects of the (3) ICQ and (4) Yahoo! instant messaging functionality. NOTE: some of these details are obtained from third party information.
CVE-2007-5189 – Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters.
CVE-2007-3713 – Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might overlap CVE-2007-0160.
CVE-2007-1904 – Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.
CVE-2007-1443 – Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11) r_month, (12) r_day, (13) r_gender, (14) r_signature, (15) r_usertext, (16) r_invisible, (17) r_usecookies, (18) r_admincanemail, (19) r_emailnotify, (20) r_notificationperpm, (21) r_receivepm, (22) r_emailonpm, (23) r_pmpopup, (24) r_showsignatures, (25) r_showavatars, (26) r_showimages, (27) r_daysprune, (28) r_umaxposts, (29) r_dateformat, (30) r_timeformat, (31) r_startweek, (32) r_timezoneoffset, (33) r_usewysiwyg, (34) r_styleid, (35) r_langid, (36) key_string, (37) key_number, (38) disablesmilies, (39) disablebbcode, (40) disableimages, (41) field[1], (42) field[2], and (43) field[3] parameters. NOTE: a third-party researcher has disputed some of these vectors, stating that only the r_dateformat and r_timeformat parameters in Burning Board 2.3.6 are affected.
CVE-2007-0160 – Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.
CVE-2006-5724 – Heap-based buffer overflow in the “Answering Service” function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the “AwayMsg Presets” value in the ICQ\ICQPro\DefaultPrefs\Presets registry key.
CVE-2006-5650 – The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
CVE-2006-4662 – Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
CVE-2006-4661 – AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar.
CVE-2006-4660 – Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed.
CVE-2006-4118 – Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables.
CVE-2006-3539 – Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon’s Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messenger, (6) AOL Instant Messenger, (7) Yahoo Instant Messenger, and (8) ICQ fields in a do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; a javascript URI in the SRC attribute of an IMG element in the (9) Title and (10) Message fields in a do=new (aka Create Thread) action in general.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in (11) other Forum posts and (12) Forum replies.
CVE-2006-3297 – Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-3063 – Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php.
CVE-2006-3007 – Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.
CVE-2006-2303 – Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object.
CVE-2006-1815 – Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname and (2) newuser_icq parameters, a different vector than CVE-2006-1768. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1811 – Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (5) AIM, (6) MSN, (7) Google Talk, (8) Website Name, (9) Website Address, (10) Email Address, (11) Location, (12) Signature, and (13) Sub-Titles fields in the user profile; or (14) flexbb_password field in a cookie.
CVE-2006-1810 – Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Location, (9) Signature, and (10) Sub-Titles fields in the user profile.
CVE-2006-1204 – Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4-dev and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prev, (2) next, and (3) rand5 parameters in (a) index.php; the (4) r_username and (5) r_loc parameters in (b) new_topic.php; the (6) r_num, (7) r_family_name, (8) r_icq, (9) r_yahoo, (10) r_aim, (11) r_homepage, (12) r_interests, (13) r_about, (14) selected1, (15) selected0, (16) signature_selected1, (17) signature_selected0, (18) smile_selected1, (19) smile_selected0, (20) ubb_selected1, and (21) ubb_selected0 parameters in (c) profile.php; the (22) quote and (23) tid parameters in (d) reply.php; and the (24) tid, (25) sticked, and (26) mid parameters in (e) view_topic.php.
CVE-2006-0766 – ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly containing other modified properties such as company name, icon, and description, which could trick a user into executing arbitrary programs.
CVE-2006-0765 – GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs.
CVE-2005-4693 – Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) via a crafted message from an ICQ buddy, possibly involving the GE_received_key function in keys.c.
CVE-2005-3694 – centericq 4.20.0-r3 with “Enable peer-to-peer communications” set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus.
CVE-2005-3433 – Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields.
CVE-2005-2569 – Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the fbusername or fbpassword parameter to (1) editpost.php, (2) prefs.php, (3) newtopic.php, (4) reply.php, or (5) profile.php, the (6) fbusername, (7) fmail, (8) www, (9) icq, (10) yim, (11) location, (12) sex, (13) interebbies, (14) sig or (15) aim parameter to register.php, or (16) subject parameter to newtopic.php.
CVE-2005-2103 – Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
CVE-2005-2102 – The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters.
CVE-2005-1914 – CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.
CVE-2005-0651 – Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as “drivers.php” by some sources), (3) the search feature text area, (4) post name in the post creation feature, (5) City, (6) Homepage, (7) ICQ, (8) AOL, (9) Yahoo!, (10) MSN, or (11) e-mail fields in the profile feature or (12) the new field in the moderator section.
CVE-2005-0472 – Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
CVE-2004-1441 – Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2004-0362 – Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
CVE-2003-0769 – Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.
CVE-2003-0365 – ICQLite 2003a creates the ICQ Lite directory with an ACE for “Full Control” privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs.
CVE-2003-0239 – icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.
CVE-2003-0238 – The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag.
CVE-2003-0237 – The “ICQ Features on Demand” functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.
CVE-2003-0236 – Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.
CVE-2003-0235 – Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command.
CVE-2002-2329 – ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons.
CVE-2002-2075 – ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number.
CVE-2002-1773 – Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request.
CVE-2002-1743 – AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of service (crash) via a malformed .hpf file.
CVE-2002-1362 – mICQ 0.4.9 and earlier allows remote attackers to cause a denial of service (crash) via malformed ICQ message types without a 0xFE separator character.
CVE-2002-0254 – ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails.
CVE-2002-0251 – Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as “%d”.
CVE-2002-0227 – KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.
CVE-2002-0028 – Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request.
CVE-2001-1305 – ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user’s contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.
CVE-2001-0367 – Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters.
CVE-2000-1078 – ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a “?” character.
CVE-2000-0564 – The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter.
CVE-2000-0552 – ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
CVE-2000-0046 – Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malformed URL within an ICQ message.
CVE-1999-1440 – Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is safe to open from the client.
CVE-1999-1418 – ICQ99 ICQ web server build 1701 with “Active Homepage” enabled allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists (“404 Forbidden”) versus when a file does not exist (“404 not found”).
CVE-1999-1342 – ICQ ActiveList Server allows remote attackers to cause a denial of service (crash) via malformed packets to the server’s UDP port.
CVE-1999-1289 – ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration.
CVE-1999-0474 – The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user’s personal directory.
