Core Security Advises
Core Security Technologies issued advisories disclosing multiple vulnerabilities
BOSTON -- Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks, today issued advisories disclosing multiple vulnerabilities that could severely impact the more than 160 million registered users of America Online’s ICQ global instant-messaging service. Researchers from CoreLabs, the research arm of Core Security, discovered that, by exploiting these vulnerabilities, an attacker could execute code and take control of a user’s computer.
AOL recommends that ICQ users immediately upgrade to ICQ version 5.1 to protect themselves from exploitation. Specifically, the vulnerabilities affect:
* ICQ Pro 2003b Build #3916 and previous versions: The ICQ Pro2003b client works with AOL’s Instant Messenger (AIM) and AOL services. The latest version of ICQ Pro 2003b, Build #3916, was released in October 2005 and is still available for download from ICQ’s Web site.
* ICQ Toolbar 1.3 for Internet Explorer: This toolbar provides several features, including search, pop-up blocker, ICQmail notifier and RSS feeds. The toolbar is one of the various products offered by ICQ and it is currently available for download at ICQ.com.
“These vulnerabilities could present a significant security risk to millions of ICQ users and it is essential that users take the appropriate steps to ensure that they are properly protected. This is a good example of why client-side vulnerabilities in desktop software are a real and present danger that should be identified and addressed diligently,” said Iván Arce, CTO at Core Security Technologies.
Read more about:
2006About the Author(s)
You May Also Like
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024