ICQ Banner Ad Cross-Application Scripting Vulnerability
BID:17913
Info
ICQ Banner Ad Cross-Application Scripting Vulnerability
| Bugtraq ID: | 17913 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-2303 |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2006 12:00AM |
| Updated: | Feb 20 2007 08:28PM |
| Credit: | QQLan <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: |
Icq ICQ 5.04 build 2321 Icq ICQ 5.03 Icq ICQ 5.02 Icq ICQ 4.14 Icq ICQ 4.13 |
| Not Vulnerable: | |
Discussion
ICQ Banner Ad Cross-Application Scripting Vulnerability
ICQ is prone to a cross-application scripting vulnerability. This issue is a result of the application accessing content in a different and presumably higher security context than the original content.
An attacker can exploit this issue to have arbitrary attacker-supplied HTML or JavaScript executed on a victim user's computer in the 'My Computer' security zone.
ICQ is prone to a cross-application scripting vulnerability. This issue is a result of the application accessing content in a different and presumably higher security context than the original content.
An attacker can exploit this issue to have arbitrary attacker-supplied HTML or JavaScript executed on a victim user's computer in the 'My Computer' security zone.
Exploit / POC
ICQ Banner Ad Cross-Application Scripting Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
ICQ Banner Ad Cross-Application Scripting Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
ICQ Banner Ad Cross-Application Scripting Vulnerability
References:
References:
- ICQ Homepage (ICQ Inc.)
- ICQ Client Cross-Application Scripting (XAS) (3APA3A <[email protected]>)