Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:4609
HistoryMay 29, 2003 - 12:00 a.m.

ICQLite executable trojaning

2003-05-2900:00:00
vulners.com
195

bugtraq@,

Title: ICQ Lite executable trojaning
Affected: ICQLite 2003a
Vendor: ICQ Inc
Vendor URL: http://www.icq.com
Risk: Average
Exploitable: Yes
Remote: No
Date: May, 29 2003
Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp

I. Intro:

ICQ Lite is popular internet messenger software. This is only ICQ
version which requires no elevated privileges (such as Power User) to
work, so, it's often used by corporate users and on public computers.

II. Problem:

During installation ICQLite silently adds

Intercative Users: Full Control

ACE to ACLs for Program Files\ICQ Lite directory.

It makes it possible to replace any executable file in this directory
and to obtain privileges of user launching ICQ Lite.

III. Workaround

Replace "Full Control" with "Change" permission for installation
directory and to "Read" permissions for all executable files (.exe and
.dll's).


http://www.security.nnov.ru
/\_/\
{ , . } |\
±-oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A }
±------------o66o–+ /
|/
You know my name - look up my number (The Beatles)