CenterICQ IJHook.CC Remote Buffer Overflow Vulnerability

Bugtraq ID:	21932
Class:	Boundary Condition Error
CVE:	CVE-2007-0160
Remote:	Yes
Local:	No
Published:	Jan 08 2007 12:00AM
Updated:	Jan 25 2007 04:31PM
Credit:	Lolek and Roflek of TK53 are credited with the discovery of this vulnerability.
Vulnerable:	Konst CenterICQ 4.21 Konst CenterICQ 4.20 Konst CenterICQ 4.14 Konst CenterICQ 4.13 Konst CenterICQ 4.12 Konst CenterICQ 4.9.12 Konst CenterICQ 4.9.11 Gentoo Linux
Not Vulnerable:

CenterICQ IJHook.CC Remote Buffer Overflow Vulnerability

CenterICQ is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects versions 4.9.11 up to 4.21.0.

CenterICQ IJHook.CC Remote Buffer Overflow Vulnerability

The following proof of concept is available:

• /data/vulnerabilities/exploits/21932.txt

CenterICQ IJHook.CC Remote Buffer Overflow Vulnerability

Solution:
Please see the referenced advisories for details on obtaining and applying the appropriate updates.

CenterICQ IJHook.CC Remote Buffer Overflow Vulnerability

References:

• CenterICQ Homepage (konst )
  
• TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling ([email protected]>)