Vulnerability Note VU#947254
Internet Security Systems Protocol Analysis Module (PAM) does not properly handle ICQ server response messages
The Protocol Analysis Module (PAM) used by Internet Security Systems (ISS) intrusion detection and prevention products does not properly handle ICQ server response messages. An unauthenticated, remote attacker could execute arbitrary code by sending a specially crafted UDP packet.
ISS intrusion detection and prevention products include a component that performs application layer inspection of the ICQ protocol. From the ISS Alert:
The Protocol Analysis Module (PAM) facilitates the parsing of network protocols in order to perform further analysis and attack detection. ICQ is a popular instant messaging application developed by ICQ Inc., a subsidiary of America Online. In order to detect attacks targeting instant messaging software, PAM parses several IM protocols including ICQ.
As noted in the ISS Alert, ISS Proventia, RealSecure, and BlackICE products share the vulnerable PAM code.
An unauthenticated, remote attacker could execute arbitrary code with the privileges of the process running the PAM. RealSecure and BlackICE products run on Microsoft Windows platforms with SYSTEM privileges.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Internet Security Systems Inc.||Affected||-||22 Mar 2004|
CVSS Metrics (Learn More)
This vulnerability was reported by eEye Digital Security.
This document was written by Art Manion and Jason A. Rafail.
- CVE IDs: CVE-2004-0362
- Date Public: 08 Mar 2004
- Date First Published: 20 Mar 2004
- Date Last Updated: 12 Jun 2009
- Severity Metric: 30.44
- Document Revision: 42
If you have feedback, comments, or additional information about this vulnerability, please send us email.