ICQ < 6 Build 6059 Message Processing Format String
Severity: High
Nessus Plugin ID: 34948
Synopsis
The remote host contains a chat client that is affected by a remote format string vulnerability.
Description
The version of ICQ installed on the remote host is earlier than 6 Build 6059. Such versions are reportedly affected by a format string vulnerability in the embedded Internet Explorer component, triggered when processing HTML messages that contain a format string specifier such as '%020000000p'. If a remote attacker can trick a user on the remote host into viewing a message with the affected application, he may be able to leverage this issue to crash the application or to execute arbitrary code on the remote host, subject to the user's privileges.
Solution
Upgrade to ICQ 6 build 6059 (188.8.131.5259) or later, as that reportedly addresses the issue.