DOS for Icq 2001&2002

[Michael <spacoom () gmx net>]

Icq2001b & Icq2002a Denial Of Service
---------------------------------------------------

If you send a malicious "contact" message, you can 
freeze target icq.

Let's look at the contact packet (taken from Massimo 
Melina documentation)

contacts-msg content is:
contacts number
0xFE 
uin
0xFE 
nick
0xFE
uin
0xFE
nick
...
and so on

if we set contacts number to lets say 65535 and will 
send such packet, then target icq stop responding. 
Task manager shows, that icq takes more and more 
memory, until you kill it or it will eat all system 
resources.

Proof of concept: 
http://www.spacoom.net/dfm/DFM.exe

Fix: at this time - disable receiving contacts from 
everyone (including your contact list)

AOL as always instead of patching the bug, trying to 
threaten me, you can find there letter at 
http://www.spacoom.net/dfm/aol.txt


Michael.