Serious AOL ICQ IM Client Vulnerabilities

09 Sep 12:51

Core Security Technologies has released an advisory describing a serious vulnerability in older versions of this client software. If exploited, the vulnerability can lead to full system compromise. Users should urgently upgrade to the latest version of the software, even though they will lose the old 'classic look'.

The flaw concerns ICQ Pro 2003b, build 3916 and older. The 2003b version is still available for download from ICQ for users who like the old feel. The bug is not found in newer versions of the software such as the current 5.1.

The vulnerability is insidious because all you need to do to get attacked is connect to an IM service with a vulnerable client. That lets an attacker send you a maliciously encoded instant message and execute malicious code on your computer. The flaw is a typical heap overflow, and attacks succeed because the IM client fails to sanity-check the packets it receives. All the sordid details are available on Core's site (link below).
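The root cause described above, a client that trusts a length field in a received packet, is the general pattern worth seeing in code. The following is an added example written for this page, not code from Core's advisory, from ICQ, or from any real IM protocol: it parses a hypothetical, constructed length-prefixed message format and shows the two sanity checks that have to sit between the declared length and the heap allocation and copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical instant-message wire format, constructed for this example.
 * It is NOT the ICQ protocol; it only models the general shape of a
 * length-prefixed message that a client must validate before copying:
 *
 *   byte 0-1 : declared_len, big-endian, length of the text that follows
 *   byte 2.. : text[declared_len]
 */

#define MAX_MSG_TEXT 1024   /* sane upper bound for one message body (assumed) */

typedef struct {
    char  *text;   /* heap copy of the message body, NUL-terminated */
    size_t len;    /* number of body bytes actually copied */
} im_message;

enum parse_result {
    PARSE_OK = 0,
    PARSE_TRUNCATED,        /* header incomplete */
    PARSE_LENGTH_MISMATCH,  /* declared length exceeds bytes received */
    PARSE_TOO_LARGE,        /* declared length exceeds MAX_MSG_TEXT */
    PARSE_NO_MEMORY
};

/*
 * Parse one message. The two checks marked below are the "sanity checks"
 * an unchecked parser omits: without them a peer-supplied declared_len
 * drives a memcpy past the data actually received, or into a buffer that
 * was sized from some other field, which is the classic heap overflow.
 */
enum parse_result parse_message(const uint8_t *pkt, size_t pkt_len, im_message *out)
{
    out->text = NULL;
    out->len = 0;

    if (pkt_len < 2)
        return PARSE_TRUNCATED;

    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];

    /* check 1: the body must fit inside what was really received */
    if (declared > pkt_len - 2)
        return PARSE_LENGTH_MISMATCH;

    /* check 2: cap the body so a peer cannot force huge allocations */
    if (declared > MAX_MSG_TEXT)
        return PARSE_TOO_LARGE;

    /* allocation and copy are both sized from the validated length */
    out->text = malloc(declared + 1);
    if (out->text == NULL)
        return PARSE_NO_MEMORY;
    memcpy(out->text, pkt + 2, declared);
    out->text[declared] = '\0';
    out->len = declared;
    return PARSE_OK;
}

/* constructed sample packets: one well-formed, one claiming 65535 bytes but carrying 2 */
static const uint8_t SAMPLE_GOOD[] = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t SAMPLE_BAD[]  = { 0xFF, 0xFF, 'h', 'i' };

int main(void)
{
    im_message m;
    if (parse_message(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &m) == PARSE_OK) {
        printf("accepted: \"%s\" (%zu bytes)\n", m.text, m.len);
        free(m.text);
    }
    if (parse_message(SAMPLE_BAD, sizeof SAMPLE_BAD, &m) != PARSE_OK)
        printf("rejected malformed packet\n");
    return 0;
}
```

The point of the layout is that the number used for `malloc` and the number used for `memcpy` are the same value, and that value has already been bounded by what was actually received; a parser that allocates from one field and copies from another, or copies before comparing the declared length with the received length, is the shape of bug the advisory describes.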

Core Security Technologies has also identified some less serious vulnerabilities in this software, which you can read about on its web site.

Related link:
www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509

Taken from Information Security Bulletin.