ICQ < 6 Build 6059 Message Processing Format String

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a chat client that is affected by a remote
format string vulnerability.

Description :

The version of ICQ installed on the remote host is earlier than 6
Build 6059. Such versions reportedly are affected by a format string
vulnerability in the embedded Internet Explorer component triggered
when processing HTML messages with a format string specifier such as
'%020000000p'. If a remote attacker can trick a user on the remote
host into viewing a message with the affected application, he may be
able to leverage this issue to crash the affected application or to
execute arbitrary code on the remote host subject to the user's
privileges.
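
The specifier quoted above, '%020000000p', is a printf-style conversion requesting a 20,000,000-character zero-padded field. The C sketch below is an added example, not code from ICQ or from the Nessus plugin: it reports the largest width or precision requested by any conversion in untrusted message text (generalized beyond the one specifier the advisory names) and shows the hardened rendering pattern in which the message is only ever an argument to a fixed format. The function names and the sample message are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Read a decimal run at *pp, saturating so a hostile digit string cannot overflow. */
static long read_number(const char **pp)
{
    long n = 0;
    for (; isdigit((unsigned char)**pp); (*pp)++)
        if (n < 100000000L) n = n * 10 + (**pp - '0');
    return n;
}

/* Largest field width or precision requested by any printf-style conversion
 * in msg, or -1 when msg contains none ("%%" is a literal percent sign). */
long max_conversion_width(const char *msg)
{
    long worst = -1;
    for (const char *p = msg; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;                    /* literal percent */
        while (*p && strchr("-+ #0", *p)) p++;        /* flags */
        long width = read_number(&p);
        if (*p == '.') {                              /* precision */
            p++;
            long prec = read_number(&p);
            if (prec > width) width = prec;
        }
        while (*p && strchr("hlLjzt", *p)) p++;       /* length modifiers */
        if (*p && strchr("diouxXeEfgGaAcspn", *p) && width > worst)
            worst = width;
        if (*p == '\0') break;                        /* truncated specifier */
    }
    return worst;
}

/* Hardened rendering: the untrusted text is an argument, never the format. */
int render_message(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "%s", msg);
}

int main(void)
{
    const char *msg = "<b>%020000000p</b>";           /* constructed sample */
    char out[64];
    render_message(out, sizeof out, msg);
    printf("width=%ld rendered=%s\n", max_conversion_width(msg), out);
    return 0;
}
```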

See also :

http://keksa.de/?q=icqstory
http://board.raidrush.ws/showthread.php?t=386983
http://www.nessus.org/u?5251565e

Solution :

Upgrade to ICQ 6 build 6059 (6.0.0.6059) or later as that reportedly
addresses the issue.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 34948 (icq_6_0_0_6059.nasl)

Bugtraq ID: 28027

CVE ID: CVE-2008-1120
