COMMAND

    ICQ2000a

SYSTEMS AFFECTED

    ICQ2000A ICQwebmail temparary internet link

PROBLEM

    Gert Fokkema found  following.  When  reading or sending  an email
    using the ICQmailclient  (http://www.icqmail.com) with ICQ2000A  a
    temparary  internet  link  is  created  in  the  default temparary
    directory, containing the  user ID and  encrypted password.   This
    temparary internet link  is NEVER deleted,  not even when  signing
    off from  ICQwebmail, disconnect  from ICQ  or closing  ICQ.  When
    opening the temparary internet link, ANY user is able to login  to
    the ICQmail webaccount, and is able to read, write and change  any
    emailmessage or even preferences.

    Any user using a shared  computer can open the temparary  internet
    link located in the default TEMP directory and use the  ICQwebmail
    to read, write email and change preferences.

    Example:

        Name=icq91.url
        Location=C:\TEMP

    An example of the temparary internet link looks like this:

        [InternetShortcut]
        URL=http://cf.icq.com/cgi-bin/icqmail/write.pl5?uname=gertfokkema&pwd=12345678

    Note: this temparary  internet link is  NOT deleted by  ICQ or IE5
    in any way!!

SOLUTION

    Automatically /  manually delete  ALL items  in the  users default
    TEMP directory after logging out of the computer.