ISS.PAM.ICQ.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer overflow vulnerability in the ISS (Internet Security Systems) Protocol Analysis Module Component for ICQ.
The vulnerability is due to the PAM (Protocol Analysis Module) component's failure to bounds-check ICQ server responses while parsing ICQ packets. The bounds check fails when parsing the (1) nickname, (2) firstname, (3) lastname, or (4) email address fields embedded within ICQ response data. A remote attacker can cause memory corruption by sending a specially crafted response packet with a source port of 4000/UDP. The vulnerability may allow an attacker to execute arbitrary code on a vulnerable system.

Affected Products

RealSecure Network 7.0 XPU 22.11 and before
RealSecure Server Sensor 7.0 XPU 22.11 and before
RealSecure Server Sensor 6.5 for Windows SR 3.10 and before
Proventia A Series XPU 22.11 and before
Proventia G Series XPU 22.11 and before
Proventia M Series XPU 1.9 and before
RealSecure Desktop 7.0 ebl and before
RealSecure Desktop 3.6 ecf and before
RealSecure Guard 3.6 ecf and before
RealSecure Sentry 3.6 ecf and before
BlackICE Agent for Server 3.6 ecf and before
BlackICE PC Protection 3.6 ccf and before
BlackICE Server Protection 3.6 ccf and before

Impact

System compromise: remote code execution.

Recommended Actions

Upgrade to one of the following versions:
RealSecure Network 7.0 XPU 22.12
RealSecure Server Sensor 7.0 XPU 22.12
Proventia A Series XPU 22.12
Proventia G Series XPU 22.12
Proventia M Series XPU 1.10
RealSecure Desktop 7.0 ebm
RealSecure Desktop 3.6 ecg
RealSecure Guard 3.6 ecg
RealSecure Sentry 3.6 ecg
BlackICE Agent for Server 3.6 ecg
RealSecure Server Sensor 6.5 for Windows SR 3.11
BlackICE PC Protection 3.6 ccg
BlackICE Server Protection 3.6 ccg

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-10-24 14.710 Sig Added