Summary:  Multiple Internet Security Agencies are reporting the existence of a vulnerability in the popular ICQ communications program.  The most likely method of exploit for this vulnerability is the sending of a maliciously-crafted message to a vulnerable user system.  If successful, the exploit could result in a range of negative outcomes ranging from application crash to total system takeover.  At the time of this writing (9:00 AM 2/28/08) a patch has not yet been made available from the vendor to address this vulnerability.

Recommended Actions:  System administrators, support personnel and ICQ users are encouraged to read the security advisories (safe links provided below) for more information about this vulnerability and to check frequently for an update or patch from ICQ.

Readers are encouraged to share this alert with family, friends, and associates who may use ICQ on their home computers.

ITS Actions:  N/A

Resources:

Secunia Advisory (includes workaround suggestion):
http://secunia.com/advisories/29138/

FrSirt Advisory:
http://www.frsirt.com/english/advisories/2008/0701