CVE-2000-0046
Published 2000-01-10
CVE-2000-0046: Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malformed URL within an ICQ message.
Priority: P4 31 · high · 7.5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 7.27% (93.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mirabilis | icq | — | — |
No detection rules found.
Exploit-DB
Mirabilis ICQ 0.99b 1.1.1.1/3.19 - Remote Buffer Overflow
exploitdb·2000-01-12
CVE-2000-0046
---
source: https://www.securityfocus.com/bid/929/info
ICQ is an individual-to-individual chat network which has clients installed on millions of computers around the world. It is, by far, the most widely used and is vulnerable to a remote buffer overflow. When the Mirabilis ICQ client parses a URL received from another user _inside of a message_, it does not perform bounds checking on the length of the URL. Because of this, it is possible to overwrite the EIP ("instruction pointer", or return address, that was pushed onto the stack when the offending function was first called) and execute arbitrary and possibly malicious code stuffed inside the oversized URL on the target host once the URL is clicked on.
Sending the following
Exploit-DB
BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Local Privilege Escalation
exploitdb·1996-12-04
CVE-1999-0046
---
/*
source: https://www.securityfocus.com/bid/242/info
The SUID rlogin program is used to establish remote sessions. A buffer overflow condition has been found in the rlogin program that may allow an unauthorized user to gain root access. The overflow in particular is in the rlogin code that handles the TERM environment variable. Similar bugs have been known to exist in some telnetd implementations.
NOTE:
The vulnerability was updated August 2, 2000 to reflect certain versions of IRIX to be vulnerable.
*/
/*## copyright LAST STAGE OF DELIRIUM oct 1997 poland *://lsd-pl.net/ #*/
/*##
No writeups or analysis indexed.