COMMAND

    ICQ

SYSTEMS AFFECTED

    ICQ

PROBLEM

    Following is based on a  Strumpf Noir Society Advisory.   WebFront
    is a plugin  for Mirabilis' ICQ  messaging program which  allows a
    user to setup a web page through ICQ.

    The web server on which this plugin relies is susceptible to a DoS
    attack through a malformed GET request.  If this request  contains
    86 or more %'s or  combinations of %'s with other  characters (for
    example ascii encoded  dots or backslashes)  the ICQ program  will
    begin consuming 100% cpu and will become unresponsive.

    A restart of the program is required to regain full functionality.

    This was tested against ICQ2000b Build 3278 running on MS Win2k.

SOLUTION

    This problem has been brought to the vendors attention, however no
    fixes appear to be forthcoming at this time, we were only able  to
    get a "your message has been forwarded to the appropiate  address"
    response.