Short Name |
CHAT:ICQ:ISS-BLACKICE-OF |
---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
CHAT |
Keywords |
ISS BlackIce ICQ Decoder META_USER Buffer Overflow |
Release Date |
2004/03/24 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the ICQ decoder on ISS BlackIce network devices. Attackers can remotely execute arbitrary code.
It has been reported that the Internet Security Systems (ISS) Protocol Analysis Module is prone to a remote buffer overflow vulnerability when parsing the ICQ protocol. This issue exists due to insufficient bounds checking performed on certain unspecified ICQ protocol fields supplied in ICQ response data. Successful exploitation of this issue may allow a remote attacker to execute arbitrary code on a vulnerable system in order to gain unauthorized access. This attack would occur in the context of the vulnerable process. This module is used to parse network protocols and is included in a number of products provided by ISS, including various RealSecure and BlackICE releases.