Naughty JavaScript can be planted in IM status messages

This forum is for related Instant Messaging threats for all IM clients

Moderators: Admin Team, Moderators

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Naughty JavaScript can be planted in IM status messages

Postby TeMerc » Thu Jul 28, 2011 9:34 am

Security shortcomings in both ICQ instant messenger for Windows and the ICQ website create a possible mechanism for account hijacking, a security researcher warns.

Levent Kayan warns that the software fails to screen against the inclusion of JavaScript code in user-supplied status messages. The shortcoming means that this JavaScript code might be run on a victim's machine providing they are tricked into opening the booby-trapped status message using a vulnerable ICQ client.
nwz Continued @ The Register
Image

Return to “IM Threat Center”

Who is online

Users browsing this forum: No registered users and 1 guest