Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11451
HistoryFeb 16, 2006 - 12:00 a.m.

Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT

2006-02-1600:00:00
vulners.com
26

Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT

Found this 'bug' about 1 year n a half ago.

If u drag and drop a folder containing 1 or more file from your computer into the nick of someone in your
contact
list it is possible to send a full directory… The possibility to send a full directory alredy poses a
security risk in my opinion! (Notice that if u click the nick then click on "send file" it is
only possible to send files, not directories, but dragging and dropping a folder with files into a nick in
your
contact list it is really possible. your "friend" will receive it and will be able to see only this:

Incoming files: 1 dir, X files
(where x is the number of files contained in the folder)

letґs say the folder name is Dir12 and the first filename is ABCD.EXE and u dont want your friend to view the
.EXE extension
(notice: your friend will see this file being received as DIR12\ABCD.EXE)
ICQ seems to leave the final file extension hidden if you use capital letters (caps lock) and if the
directory name, the ''\'' separating the dir name from the file name and the name of the file without the
final extension is 30-31 chars long

example:

DIR12\PHOTOS OF ME AND MY AUNT.EXE

Your friend will only see this:

DIR12\PHOTOS OF ME AND MY AUNT

you could also reduce the filename and insert another file extension at the end of the file, for example a
.JPG extension

If you change an executable file properties such as company name, icon and description you can fool even
more paranoid users since they will see 'company name'= JPEG Image and 'description' = 240x230 (dimensions)
and put the JPEG default icon. as the file is inside a folder, it will not show its final extension, since by
default windows doesnґt show extensions for known file types.

It seems to even bypass the Windows XP SP2 file execution warning message

impact: Spoof

Solution: upgrade to the latest ICQ Lite version. ICQ PRO was discontinued and it is vulnerable to this
issue. notice that enabling windows explorer to show files extensions will not completely solve this issue
since some files will continue to keep the extension hidden such as lnk and shs.

ps: I tested it on ICQ 2003a, 2003b , Lite 4.0 and Lite 4.1 on a Windows XP machine, but I guess previous
ICQ versions are also vulnerable on any other windows version.