ICQ Client Cross-Application Scripting (XAS)

2006.05.12
Credit: 3APA3A (3APA3A SECURITY NNOV RU)
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2006-2303
CWE: CWE-Other


CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

QQLan QQlan (at) yandex (dot) ru [email concealed] reported vulnerability in multiple versions of ICQ Inc.' ICQ instant messenger client in a way it interacts with Microsoft Internet Explorer. Author: QQlan <QQlan (at) yandex (dot) ru [email concealed]> Title: ICQ Client Cross-Application Scripting (XAS) Vendor: ICQ Inc. Application: ICQ Versions: up to and including 5.04 build 2321 Vulnerability class: man-in-the-middle, against client Vulnerability type: cross application scripting (My Computer zone) Risk level: low (high, if unsecured shared network is used) Intro: ICQ is probably most popular instant messaging application by ICQ Inc. Description: Under some conditions, ICQ client is vulnerable to remote script injection into My Computer Security Zone of Internet Explorer component used to display advertisement banners. Detailed description: <quote src=http://www.security.nnov.ru/Jdocument327.html> Cross application scripting (XAS) is possible when an application executes data in a security context different from the original content (presumably one with less security restrictions). For example the data may be obtained from an un-trusted source (a remote web server) that is sent unfiltered into a trusted application such as when web content is downloaded from a remote server, and then re-displayed on the local host. Any application that downloads and then later displays and executes web content (such as JavaScript) may be vulnerable to XAS. </quote> ICQ Client has very annoying advertising function. Banners are displayed inside Internet Explorer COM object embedded into main window, ?Welcome Screen? and every ?Message Session? dialogs. Under some condition attacker can replace HTML content in this forms with malicious script which will be executed in My Computer security zone of Internet Explorer. Technical information will be published (three months maybe years later) after vendor provide a patch. Workaround: 1. Press Ctrl+Shift+Esc 2. In File/Run menu type cmd.exe 3. In cmd.exe console type echo 127.0.0.1 ar.atwola.com >> %SystemRoot%system32driversetchosts Disclosure timeline: 5/2005 Vulnerability discovered 4/2006 Last attempt to contact vendor 5/2006 Public disclosure -- /3APA3A http://www.security.nnov.ru/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top