Bugtraq mailing list archives

Re: ICQ remote buffer overflow vulnerability


From: "Nick FitzGerald" <nick () virus-l demon co uk>
Date: Tue, 8 Jan 2002 15:18:10 +1200

Daniel Tan <datan () seas upenn edu> wrote:

> Until AOL announces a patch/workaround, it is highly recommended to
> restrict receiving of events (other than normal messages) to
> contacts you know.

This is just like the old, and equally bogus, "advice" for preventing 
being hit by mass mailing viruses -- "don't open attachments from 
people you don't know".  The implication taken from such advice is 
that attachments from people you do know are necessarily "safe".

Better advice is to implement a method that prevents receipt of such 
requests (or upgrade to the version thought unaffected by the bug).


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

