CVE-2006-5724

Name of the Vulnerable Software and Affected Versions: ICQ version 2003b Build 3916

Description: A heap-based buffer overflow issue exists in the Answering Service function, allowing local users to cause a denial of service, resulting in an application crash. This can be achieved by inputting a long string in the AwayMsg Presets value, located in the ICQICQProDefaultPrefsPresets registry key.

Recommendations: For ICQ version 2003b Build 3916, as a temporary workaround, consider disabling the Answering Service function until a patch is available. Restrict access to modifying the AwayMsg Presets value in the registry key to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.