TITLE:
ICQ File Transfer Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA24803

VERIFY ADVISORY:
http://secunia.com/advisories/24803/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
ICQ 5.x
http://secunia.com/product/9856/

DESCRIPTION:
A vulnerability has been reported in ICQ, which potentially can be
exploited by malicious users to compromise another user’s system.

For more information:
SA24747

NOTE: ICQ reportedly warns users on file transfers, requires that a user
is on the contact list of the target, and does not overwrite existing
files without a prompt.

The vulnerability is reported in version 5.1. Other versions may also be
affected.

SOLUTION:
ICQ clients are reportedly patched via automatic updates.

PROVIDED AND/OR DISCOVERED BY:
Discovered by an anonymous person and reported via iDefense Labs.

ORIGINAL ADVISORY:
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=508

OTHER REFERENCES:
SA24747:
http://secunia.com/advisories/24747