Bugtraq mailing list archives
Re: ICQ Buffer Overflow Exploit
From: hnt () GMX AT (Thomas Maschutznig)
Date: Sat, 15 Jan 2000 17:44:09 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can (more or less) verify that overflow... I am running ICQ 99beta 3.1.9 build #2596 and tried to send some MESSAGES (no, NOT URL) It seemed that only the messagebox would let you send larger stuff Couldnt paste a lot into the URL-box So, with messages... entered http://www.alotofstuffhere...... I clicked it myself (yep, while entering) and Netscape opened up and ICQ said byebyes :) Could reproduce that 4 times in 4 tries Now, with sending it to other people... Somehow you cant send normal messages with more than 450 characters or whatever but if you start with http://www... ICQ doesnt seem to check it and messages with 2000 characters were no problem. Gonna try _sending_ messages (and recieve) later when someone appears to be online on my list :P Peace out, T -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com> iQA/AwUBOICVyrCVPCJvWxfLEQLGegCg+4c++1bQIDzeqTHw+X+7v1sUoLQAmwZ0 1ImsKN/HsO+Fe1rteybF+aXZ =+pSv -----END PGP SIGNATURE-----
Current thread:
- Re: ICQ Buffer Overflow Exploit Thomas Maschutznig (Jan 15)
- <Possible follow-ups>
- Re: ICQ Buffer Overflow Exploit x-x-x-x-x-x-x-x-x (Jan 18)
- Re: ICQ Buffer Overflow Exploit Bryce Walter (Jan 18)
- Re: ICQ Buffer Overflow Exploit Jeremy Johnson (Jan 19)
- Re: ICQ Buffer Overflow Exploit Nick Summy (Jan 19)
- Re: ICQ Buffer Overflow Exploit Dylan Griffiths (Jan 19)
- explanation and code for stream.c issues Tim Yardley (Jan 21)
- Re: explanation and code for stream.c issues Tim Yardley (Jan 21)
- Re: explanation and code for stream.c issues Tim Yardley (Jan 21)
- Re: explanation and code for stream.c issues Erik Fichtner (Jan 21)
- Re: explanation and code for stream.c issues Brett Glass (Jan 21)