Sebastian Cufre

**Name of the Vulnerable Software and Affected Versions** AOL ICQ Toolbar version 1.3 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module. These vulnerabilities allow remote attackers to execute arbitrary web script or HTML within the Feeds interface context. The attack can be carried out via the `title` and `description` elements within an `item` element in an RSS feed. **Recommendations** For AOL ICQ Toolbar version 1.3, as a temporary workaround, consider disabling the RSS Feed module until a patch is available. Restrict access to the Feeds interface to minimize the risk of exploitation. Avoid using the `title` and `description` elements within RSS feeds in the affected module until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** AOL ICQ Toolbar version 1.3 for Internet Explorer **Description** The issue arises from improper validation of the origin of the configuration web page, specifically options2.html, which can be exploited by remote attackers to trick users into reconfiguring the toolbar by presenting disguised checkboxes. **Recommendations** For AOL ICQ Toolbar version 1.3, consider restricting access to the configuration web page options2.html until a proper fix is applied to prevent reconfiguration by disguised checkboxes.

**Name of the Vulnerable Software and Affected Versions** AOL ICQ Pro version 2003b Build 3916 and earlier **Description** The issue is related to a heap-based buffer overflow in the MCRegEx Search function. This allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type. **Recommendations** For AOL ICQ Pro version 2003b Build 3916 and earlier, consider disabling the MCRegEx Search function as a temporary workaround until a patch is available. Restrict access to the function to minimize the risk of exploitation.