ICQLite executable trojaning

Type securityvulns
Reporter Securityvulns
Modified 2003-05-29T00:00:00



Title: ICQ Lite executable trojaning
Affected: ICQLite 2003a
Vendor: ICQ Inc
Vendor URL: http://www.icq.com
Risk: Average
Exploitable: Yes
Remote: No
Date: May, 29 2003
Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp

I. Intro:

ICQ Lite is popular internet messenger software. It is the only ICQ version that requires no elevated privileges (such as Power User) to work, so it is often used by corporate users and on public computers.

II. Problem:

During installation, ICQLite silently adds the

Interactive Users: Full Control

ACE to the ACL of the Program Files\ICQ Lite directory.

This makes it possible to replace any executable file in this directory and so obtain the privileges of the user who launches ICQ Lite.

III. Workaround

Replace "Full Control" with "Change" permission on the installation directory, and with "Read" permission on all executable files (.exe and .dll).
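
A read-only check that the workaround is in place, added here as an example and not part of the original advisory. It assumes the default install path under Program Files, that "Change" corresponds to the Modify right and "Read" to ReadAndExecute, and it matches Interactive Users by its well-known SID S-1-5-4.

```powershell
# Added example: read-only audit, changes no permissions.
# Assumption: default install location; pass -Path if ICQ Lite lives elsewhere.
param([string]$Path = (Join-Path $env:ProgramFiles 'ICQ Lite'))

$fsr      = [System.Security.AccessControl.FileSystemRights]
$sidType  = [System.Security.Principal.SecurityIdentifier]
$full     = [int]$fsr::FullControl
# Assumption: the advisory's "Read" maps to ReadAndExecute (EXEs/DLLs must stay loadable).
$readOnly = [int]($fsr::ReadAndExecute -bor $fsr::Synchronize)

function Get-InteractiveAllowAce {
    param([string]$Item)
    # Request SIDs, not names, so the match works on any OS language.
    # S-1-5-4 is the well-known SID of NT AUTHORITY\INTERACTIVE.
    (Get-Acl -LiteralPath $Item).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq 'S-1-5-4' -and
                       $_.AccessControlType -eq 'Allow' }
}

function New-Finding {
    param([string]$Item, $Ace, [string]$Reason)
    [pscustomobject]@{
        Item      = $Item
        Rights    = $Ace.FileSystemRights
        Inherited = $Ace.IsInherited
        Reason    = $Reason
    }
}

$findings = @(
    # Directory: "Change" is acceptable after the workaround, Full Control is not.
    foreach ($ace in Get-InteractiveAllowAce $Path) {
        if (([int]$ace.FileSystemRights -band $full) -eq $full) {
            New-Finding $Path $ace 'Full Control on install directory'
        }
    }
    # Executables: any right beyond read/execute means the file can be replaced.
    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            foreach ($ace in Get-InteractiveAllowAce $_.FullName) {
                if (([int]$ace.FileSystemRights -band (-bnot $readOnly)) -ne 0) {
                    New-Finding $_.FullName $ace 'More than Read on executable'
                }
            }
        }
)

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { "No excessive Interactive Users ACEs found under $Path" }
```

An `Inherited` value of True on an executable means the right flows down from the directory ACE, so restricting the file requires an ACL on the file that no longer inherits it.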

--
http://www.security.nnov.ru
ZARAZA U 3APA3A
You know my name - look up my number (The Beatles)