Bugtraq mailing list archives

-possible- Buffer overflow in ICQ 2001b


From: "tsr" <tsr_hacc () gmx net>
Date: Fri, 8 Feb 2002 22:38:11 +0100

Buffer overflow in ICQ 2001b
----------------------------
by tSR
tsr_hacc () gmx net

Summary:
--------

Loading a manipulated picture in User Details will crash ICQ.
Only ICQ version 2001b build #3659 was tested, on Windows 98SE.


The original file (picoriginal.jpg):

000000A0 0011 0800 7E00 7803 0122 0002 1101 0311 ....~.x.."......
                |__________|
Here stand the height (00 7E = 126) and width (00 78 = 120) of the .jpg file, in the SOF0 frame header.


The manipulated file (picmanipulated.jpg):

000000A0 0011 08FF FFFF FFFF 0122 0002 1101 0311 ........."......


It works like the overflow in RealPlayer from a few days ago.
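The frame header the two hexdumps differ in, parsed and validated the way a decoder should before it allocates anything. This is an added example, not tSR's code and not ICQ's decoder; the byte strings are constructed from the hexdump above (the 0x01 that closes the third component entry lies past the 16 bytes shown and is assumed), MAX_DIM and the function names are hypothetical, and the 32-bit size arithmetic models a decoder of that era. The post does not establish the actual root cause of the ICQ crash; the example only shows which checks would reject the attached file.

```c
/*
 * Added example, not tSR's code and not ICQ's decoder: parse the SOF0 frame
 * header of a JPEG, validate it, and size the pixel buffer with
 * overflow-checked 32-bit arithmetic before anything is allocated.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIM 4096u  /* hypothetical policy: largest picture this decoder accepts */

/* Constructed inputs: SOI followed by the SOF0 segment from the hexdump in
 * the post. The final 0x01 (component 3 quantisation table) lies beyond the
 * 16 bytes shown and is assumed. */
static const uint8_t ORIGINAL_HDR[] = {
    0xFF, 0xD8,             /* SOI */
    0xFF, 0xC0,             /* SOF0 */
    0x00, 0x11,             /* segment length 17 */
    0x08,                   /* sample precision */
    0x00, 0x7E,             /* height 126 */
    0x00, 0x78,             /* width 120 */
    0x03,                   /* 3 components, 3 bytes each follow */
    0x01, 0x22, 0x00, 0x02, 0x11, 0x01, 0x03, 0x11, 0x01
};
static const uint8_t MANIPULATED_HDR[] = {
    0xFF, 0xD8, 0xFF, 0xC0, 0x00, 0x11, 0x08,
    0xFF, 0xFF,             /* height 65535 */
    0xFF, 0xFF,             /* width 65535 */
    0xFF,                   /* component count, also overwritten with FF */
    0x01, 0x22, 0x00, 0x02, 0x11, 0x01, 0x03, 0x11, 0x01
};

struct sof { unsigned seglen, precision, height, width, ncomp; };

enum sof_status { SOF_OK = 0, SOF_MALFORMED, SOF_BAD_COMPONENTS,
                  SOF_DIM_OUT_OF_RANGE, SOF_SIZE_OVERFLOW };

/* Walk marker segments from SOI to the first SOF0 and copy out its fixed
 * fields. Every read is bounds-checked against len, so a truncated file or
 * a lying length field cannot take the parser past the buffer. */
static enum sof_status parse_sof0(const uint8_t *buf, size_t len, struct sof *out)
{
    size_t pos = 2;
    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8) return SOF_MALFORMED;
    while (pos + 4 <= len) {
        uint8_t marker;
        size_t seglen;
        if (buf[pos] != 0xFF) return SOF_MALFORMED;
        marker = buf[pos + 1];
        if (marker == 0xFF) { pos++; continue; }                    /* fill byte */
        if (marker == 0xD9 || marker == 0xDA) return SOF_MALFORMED; /* EOI/SOS before SOF */
        seglen = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        if (seglen < 2 || seglen > len - (pos + 2)) return SOF_MALFORMED;
        if (marker == 0xC0) {
            const uint8_t *p = buf + pos + 4;
            if (seglen < 8) return SOF_MALFORMED; /* len(2) P(1) Y(2) X(2) Nf(1) */
            out->seglen    = (unsigned)seglen;
            out->precision = p[0];
            out->height    = ((unsigned)p[1] << 8) | p[2];
            out->width     = ((unsigned)p[3] << 8) | p[4];
            out->ncomp     = p[5];
            return SOF_OK;
        }
        pos += 2 + seglen;
    }
    return SOF_MALFORMED;
}

/* 32-bit model of the buffer-size arithmetic: width * height * bytes per
 * pixel, each multiplication checked for wraparound. With both dimensions
 * at 65535 even bpp = 3 wraps a 32-bit size, so this returns 0. */
static int checked_image_bytes32(unsigned w, unsigned h, unsigned bpp, uint32_t *out)
{
    uint32_t area;
    if (w == 0 || h == 0 || bpp == 0) return 0;
    if (w > UINT32_MAX / h) return 0;
    area = (uint32_t)w * h;
    if (area > UINT32_MAX / bpp) return 0;
    *out = area * bpp;
    return 1;
}

/* Structure, then component table, then dimension policy, then size. */
static enum sof_status check_jpeg_header(const uint8_t *buf, size_t len, uint32_t *bytes)
{
    struct sof s;
    enum sof_status st = parse_sof0(buf, len, &s);
    if (st != SOF_OK) return st;
    /* Hypothetical policy: only greyscale, YCbCr and CMYK (Nf 1..4). Each
     * component entry is 3 bytes, so the segment length must equal
     * 8 + 3 * Nf; the manipulated file (Nf = 0xFF) fails here. */
    if (s.ncomp < 1 || s.ncomp > 4 || s.seglen != 8 + 3 * s.ncomp)
        return SOF_BAD_COMPONENTS;
    if (s.width > MAX_DIM || s.height > MAX_DIM || s.width == 0 || s.height == 0)
        return SOF_DIM_OUT_OF_RANGE;
    if (!checked_image_bytes32(s.width, s.height, s.ncomp, bytes))
        return SOF_SIZE_OVERFLOW;
    return SOF_OK;
}

int main(void)
{
    uint32_t n = 0;
    printf("original:    status %d, %u bytes\n",
           (int)check_jpeg_header(ORIGINAL_HDR, sizeof ORIGINAL_HDR, &n), (unsigned)n);
    printf("manipulated: status %d\n",
           (int)check_jpeg_header(MANIPULATED_HDR, sizeof MANIPULATED_HDR, &n));
    return 0;
}
```

The order of the checks matters: the component-table check is a pure structural consistency test and rejects the attached file outright, but a file that clobbers only the two dimension words passes it and is then caught by the dimension policy; the overflow-checked multiplication is the last line of defence for any path that computes a buffer size from attacker-controlled header fields.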


Example:
--------

1. Unpack the attached picmanipulated.jpg file.
2. Start ICQ and go to ICQ -> View / Change My Details.
3. Go to Picture, browse to the picmanipulated.jpg file and click OK.

If your system/ICQ is vulnerable, ICQ will crash.


PS: If ICQ crashes, start it again and check that the picture was not saved.
If it was saved, ICQ will crash again; you must go to your ICQ directory
and delete InfoYOURICQNUMBER.dat in the Plugins\Info folder.
(e.g.: C:\Programme\ICQ\Plugins\Info\Info1234567890.dat)


Oh yes, before I forget: I know that my English is not perfect. ;)


tSR


grtz to all who know me :)

Attachment: icqpicvuln.zip