Core Security Advises

BOSTON -- Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks, today issued advisories disclosing multiple vulnerabilities that could severely impact the more than 160 million registered users of America Online’s ICQ global instant-messaging service. Researchers from CoreLabs, the research arm of Core Security, discovered that, by exploiting these vulnerabilities, an attacker could execute code and take control of a user’s computer.

AOL recommends that ICQ users immediately upgrade to ICQ version 5.1 to protect themselves from exploitation. Specifically, the vulnerabilities affect:

* ICQ Pro 2003b Build #3916 and previous versions: The ICQ Pro2003b client works with AOL’s Instant Messenger (AIM) and AOL services. The latest version of ICQ Pro 2003b, Build #3916, was released in October 2005 and is still available for download from ICQ’s Web site.

* ICQ Toolbar 1.3 for Internet Explorer: This toolbar provides several features, including search, pop-up blocker, ICQmail notifier and RSS feeds. The toolbar is one of the various products offered by ICQ and it is currently available for download at ICQ.com.

“These vulnerabilities could present a significant security risk to millions of ICQ users and it is essential that users take the appropriate steps to ensure that they are properly protected. This is a good example of why client-side vulnerabilities in desktop software are a real and present danger that should be identified and addressed diligently,” said Iván Arce, CTO at Core Security Technologies.

Core Security Technologies