Whenever the victim receives an e-mail from another user, it comes laden with ICQ. As per the security cautionary from the Zero Day Initiative, hackers employ an avatar - an image of the user - as the striking agent.
The exposed function then aims a particular URL's file parameter to transfer and run surreptitiously under the context of the executing user. Effective infiltration permits implementation of the particular code. The exposure in ActiveX control is perpetrated owing to a craft flaw in the ICQPhone.SipxPhoneManager in the "DownloadAgent" function that identifies the target's address and then transfers and runs the marked file.
The fault has emerged in version 5.1, though other variants may also be impacted. After that, the program can be run with the target's rights. Investigators of TippingPoint cautioned America Online ICQ computer users regarding a flaw that permits hackers to penetrate software onto the target's computer through a simple e-mail.
0 kommentar(er)
