LICQ Hostile URL Command Execution Vulnerability
BID:2445
Info
LICQ Hostile URL Command Execution Vulnerability
| Bugtraq ID: | 2445 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 14 2001 12:00AM |
| Updated: | Feb 14 2001 12:00AM |
| Credit: | Wolter Kamphuis <[email protected]> on Feb 14, 2001. |
| Vulnerable: |
LICQ LICQ 1.0.2 LICQ LICQ 1.0.1 LICQ LICQ 0.85 |
| Not Vulnerable: | |
Discussion
LICQ Hostile URL Command Execution Vulnerability
LICQ is an ICQ-compatible interactive messaging client for Unix. Versions of LICQ are vulnerable to remote execution of arbitrary commands embedded in URLs.
A maliciously-composed URL containing shell metacharacters and shell commands can be sent in an instant message by an attacker.
When the LICQ user clicks this link, the hostile code contained in the URL will execute with the privilege level of the user running LICQ.
LICQ is an ICQ-compatible interactive messaging client for Unix. Versions of LICQ are vulnerable to remote execution of arbitrary commands embedded in URLs.
A maliciously-composed URL containing shell metacharacters and shell commands can be sent in an instant message by an attacker.
When the LICQ user clicks this link, the hostile code contained in the URL will execute with the privilege level of the user running LICQ.