Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT
Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT
Found this 'bug' about 1 year n a half ago.
If u drag and drop a folder containing 1 or more file from your computer into
the nick of someone in your contact
list it is possible to send a full directory... The possibility to send a full
directory alredy poses a security risk in my opinion! (Notice that if u click
the nick then click on "send file" it is
only possible to send files, not directories, but dragging and dropping a
folder with files into a nick in your
contact list it is really possible. your "friend" will receive it and will be
able to see only this:
Incoming files: 1 dir, X files
(where x is the number of files contained in the folder)
let´s say the folder name is Dir12 and the first filename is ABCD.EXE and u
dont want your friend to view the
.EXE extension
(notice: your friend will see this file being received as DIR12\ABCD.EXE)
ICQ seems to leave the final file extension hidden if you use capital letters
(caps lock) and if the directory name, the ''\'' separating the dir name from
the file name and the name of the file without the final extension is 30-31
chars long
example:
DIR12\PHOTOS OF ME AND MY AUNT.EXE
Your friend will only see this:
DIR12\PHOTOS OF ME AND MY AUNT
you could also reduce the filename and insert another file extension at the end
of the file, for example a .JPG extension
If you change an executable file properties such as company name, icon and
description you can fool even more paranoid users since they will see 'company
name'= JPEG Image and 'description' = 240x230 (dimensions) and put the JPEG
default icon. as the file is inside a folder, it will not show its final
extension, since by default windows doesn´t show extensions for known file
types.
It seems to even bypass the Windows XP SP2 file execution warning message
impact: Spoof
Solution: upgrade to the latest ICQ Lite version. ICQ PRO was discontinued and
it is vulnerable to this issue. notice that enabling windows explorer to show
files extensions will not completely solve this issue since some files will
continue to keep the extension hidden such as lnk and shs.
ps: I tested it on ICQ 2003a, 2003b , Lite 4.0 and Lite 4.1 on a Windows XP
machine, but I guess previous ICQ versions are also vulnerable on any other
windows version.