Subject: [NEWS] ICQ Greeting Card vulnerability
Date: Fri, 8 Sep 2000 11:40:11 +0200

          ICQ Greeting Card vulnerability
--------------------------------------------------------------------------------

SUMMARY

The  <http://www.icq.com/icqtour/events/greetingcard.html> ICQ Greeting
Card plugin makes the chore of having to send greetings for all those
special occasions an easy one. The plugin, though, contains a
vulnerability that allows a remote attacker to launch a Denial-of-Service
attack against the machine.

DETAILS

The ICQ Greeting Card service allows HTML commands to be sent to the
target user. Any malicious HTML such as file:///c:/con/con can crash the
system or exploit other HTML based vulnerabilities.

<meta http-equiv="REFRESH" content="3; URL=file:///c:/con/con">

If you write this in message box target computer should be crash in 3
seconds.

ADDITIONAL INFORMATION

The information has been provided by  <mailto:meliksah@meliksah.net>
meliksah.

========================================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.