Security shortcomings in both ICQ instant messenger for Windows and the ICQ website create a possible mechanism for account hijacking, a security researcher warns.
Levent Kayan warns that the software fails to screen against the inclusion of JavaScript code in user-supplied status messages. The shortcoming means that this JavaScript code might be run on a victim's machine providing they are tricked into opening the booby-trapped status message using a vulnerable ICQ client.
Naughty JavaScript can be planted in IM status messages
Moderators: Admin Team, Moderators
- TeMerc
- Site Admin
- Posts: 15995
- Joined: Fri Jan 28, 2005 5:16 pm
- Area Of Expertise: Security
- experience: I know the functions, OS settings, registry tweaks and more
- PC time: What else is there in life?
- Location: PHX, AZ
- Contact:
Naughty JavaScript can be planted in IM status messages

Who is online
Users browsing this forum: No registered users and 2 guests