Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT

[edubp2002 () hotmail com]

Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT

Found this 'bug' about 1 year n a half ago.

If u drag and drop a folder containing 1 or more file from your computer into the nick of someone in your contact
list it is possible to send a full directory... The possibility to send a full directory alredy poses a security risk 
in my opinion! (Notice that if u click the nick then click on "send file" it is
only possible to send files, not directories, but dragging and dropping a folder with files into a nick in your 
contact list it is really possible. your "friend" will receive it and will be able to see only this:

Incoming files: 1 dir, X files    
(where x is the number of files contained in the folder)


let´s say the folder name is Dir12 and the first filename is ABCD.EXE and u dont want your friend to view the
.EXE extension
(notice: your friend will see this file being received as DIR12\ABCD.EXE)
 ICQ seems to leave the final file extension hidden if you use capital letters (caps lock)  and if the directory name, 
the ''\'' separating the dir name from the file name and the name of the file without the final extension is 30-31 
chars long
 
example:

 DIR12\PHOTOS OF ME AND MY AUNT.EXE 

Your friend will only see this:

DIR12\PHOTOS OF ME AND MY AUNT

you could also reduce the filename and insert another file extension at the end of the file, for example a .JPG 
extension

If you change an executable file properties such as company name, icon and description you can fool even more paranoid 
users since they will see 'company name'= JPEG Image and 'description' = 240x230 (dimensions) and put the JPEG default 
icon. as the file is inside a folder, it will not show its final extension, since by default windows doesn´t show 
extensions for known file types.

It seems to even bypass the Windows XP SP2 file execution warning message

impact: Spoof 

Solution:  upgrade to the latest ICQ Lite version. ICQ PRO was discontinued and it is vulnerable to this issue. notice 
that enabling windows explorer to show files extensions will not completely solve this issue since some files will 
continue to keep the extension hidden such as lnk and shs.

ps: I tested it on ICQ 2003a, 2003b , Lite 4.0 and Lite 4.1 on a Windows XP machine, but I guess previous ICQ versions 
are also vulnerable on any other windows version.