ICQ Client Cross-Application Scripting (XAS) by QQlan@yandex.ru
Potential Impact: Remote script execution
ICQ client in some condition is vulnerable to remote script injection into used Internet Explorer in My Computer Security Zone.
ICQ Client has very annoying advertising function. Banners are displayed in Internet Explorer COM object embedded in main window, “Welcome Screen” and every “Message Session” dialogs. In some condition attacker can replace HTML content in this forms with malicious script which will executed in My Computer security zone of Internet Explorer.
Technical information will be published (three months maybe years) after the vendor provide a patch.
echo 127.0.0.1 ar.atwola.com >> c:\WINDOWS\system32\drivers\etc\hosts
Disclosure timeline 5/2005 Vulnerability discovered 4/2006 Last attempt to contact vendor 5/2006 Public disclosure
References http://www.security.nnov.ru/Jdocument281.html http://www.securitylab.ru/contest/212127.php