
Core Security Technologies, a penetration testing software vendor, has found bugs in the old ICQ Pro 2003b, a version of the ICQ client that AOL still offers for download on its own site and on other popular sites like Download.com. AOL advises all users of the old version to upgrade immediately; newer ICQ software such as ICQ 5.1 is not affected by this flaw. Core has also found less critical problems in AOL's ICQ Toolbar 1.3 for Internet Explorer, where scripting code could be run by sending victims maliciously encoded RSS (Really Simple Syndication) feeds.
The malicious code made by the Core researchers is still proof-of-concept and not in the wild. Users of the old ICQ software don't have to do anything to get infected. Hackers could send a maliciously encoded instant message to the user, crash the PC and make it run other unauthorized software.
According to Computerworld:
Core Security Technologies on Thursday reported that they had discovered the flaw in ICQ Pro 2003b, a version of the ICQ client that AOL still offers for download, billing it as a "veteran version" of the product for users who prefer the earlier look-and-feel.
Core has also discovered less-critical issues in AOL's ICQ Toolbar 1.3 for Internet Explorer. These flaws could allow attackers to change the toolbar's configuration settings or possibly even run scripting code by sending victims maliciously encoded RSS (Really Simple Syndication) feeds. More information on these bugs can be found here.





