News
Contributed by: Lauren Gerber
Date: August 17, 2009
Have you ever made use of the popular instant messaging system called ICQ? I know that when I fir I am sorry to have to be the one to break it to you, but it was reported that ICQ is prone to an incoming message HTML injection vulnerability.

The vulnerability exists because the application does not properly sanitize user-supplied input before using it in generated content. Malicious HTML and script code could then run in the victim's affected browser. This helps the attacker steal cookie-based authentication credentials, which in turn gives the attacker the opportunity to control the site and gain access to highly confidential information.

ICQ is also vulnerable to spoofing attacks. A malicious attacker could duplicate the ICQ website so that it looks identical to the original. The attacker may then mislead the victim into clicking a link that was specially created and set up as a trap.

When ICQ is working effectively, it is a wonderful and easy-to-use messaging system that may prove more user-friendly than other instant messaging services. Some of the files of the ICQ messaging system include toolbaru.dll and 00000054.ewi.

The vulnerable version is ICQ 6.5 build 1042 (the latest build). Users should be aware that other ICQ versions may also be affected by this vulnerability.

At this point there is no fix available, but one may be available soon. In the meantime, users can make sure they are using the best version possible and install the new version as soon as one becomes available.
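
The root cause described above, incoming message text placed into generated HTML without encoding, is illustrated here as an added example that is not ICQ's code: a naive renderer beside one that encodes all message text and links only http(s) URLs, always using the real destination as the link label. The markup, function names and sample message are assumptions for illustration.

```javascript
// Added example (not ICQ code). Markup and function names are assumptions.

// Vulnerable pattern: the incoming text is pasted into the markup as-is,
// so any tags in the message become part of the generated page.
function renderNaive(sender, text) {
  return '<div class="msg"><b>' + sender + '</b>: ' + text + '</div>';
}

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, an entity or an attribute value.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Hardened renderer: all message text is encoded; only http(s) URLs become
// links, and the visible label is always the real destination, so a message
// cannot show one address while pointing at another.
function renderSafe(sender, text) {
  const t = String(text);
  const urlRe = /\bhttps?:\/\/[^\s<>"']+/gi;
  let out = '';
  let last = 0;
  for (const m of t.matchAll(urlRe)) {
    out += escapeHtml(t.slice(last, m.index));
    let href = null;
    try {
      href = new URL(m[0]).href; // normalised absolute URL, or throws
    } catch (e) { /* not a valid URL: it is printed as plain text below */ }
    out += href
      ? '<a href="' + escapeHtml(href) + '" rel="noopener noreferrer">' + escapeHtml(href) + '</a>'
      : escapeHtml(m[0]);
    last = m.index + m[0].length;
  }
  out += escapeHtml(t.slice(last));
  return '<div class="msg"><b>' + escapeHtml(sender) + '</b>: ' + out + '</div>';
}

// Constructed sample message containing markup and a URL.
const sample = '<font size="7">hello</font> & see http://example.com/a?b=1&c=2';
```

With the naive renderer the `<font>` tag in the sample becomes live markup; with the hardened one it is displayed as literal text.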