Security shortcomings in both ICQ instant messenger for Windows and the ICQ website create a possible mechanism for account hijacking, a security researcher warns.
Levent Kayan warns that the software fails to screen against the inclusion of JavaScript code in user-supplied status messages. The shortcoming means that this JavaScript code might be run on a victim's machine providing they are tricked into opening the booby-trapped status message using a vulnerable ICQ client.
Continued @ The Register
