| Apr 22, 2008 |
ICQ Vulnerability US-CERT is aware of public reports of a vulnerability in ICQ 6. This vulnerability is due to a heap buffer overflow condition in the "Personal Status Manager" feature that occurs when processing specially crafted status messages. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users to update to ICQ 6.0.0.6059 to help mitigate the risks. |