CVE-2006-5724 in ICQ
Summary
by MITRE
Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 04/26/2026
The vulnerability identified as CVE-2006-5724 represents a critical heap-based buffer overflow flaw within the Answering Service functionality of ICQ 2003b Build 3916. This security weakness resides in the application's handling of user-defined preset messages, specifically within the AwayMsg Presets configuration value stored in the Windows registry. The vulnerability manifests when the application processes a maliciously crafted string that exceeds the allocated buffer size during the parsing of the ICQ\ICQPro\DefaultPrefs\Presets registry key. The heap-based nature of this overflow indicates that memory allocation occurs dynamically during runtime, making the exploitation pattern particularly dangerous as it can lead to unpredictable memory corruption.
The technical implementation of this vulnerability involves the insecure manipulation of registry-based configuration data through the Answering Service component. When ICQ processes the AwayMsg Presets value, it fails to properly validate or limit the length of input strings before copying them into fixed-size memory buffers allocated on the heap. This classic buffer overflow condition occurs because the application does not perform adequate bounds checking on the user-provided string data, allowing an attacker to overwrite adjacent memory locations with excessive data. The specific registry path ICQ\ICQPro\DefaultPrefs\Presets indicates that this vulnerability affects the configuration persistence mechanism of the application's answering service feature.
From an operational perspective, this vulnerability enables local users to execute a denial of service attack against the ICQ application, causing application crashes and system instability. The impact extends beyond simple service interruption as the heap corruption can potentially lead to more severe consequences including arbitrary code execution or system compromise. The local privilege requirement means that an attacker must already have access to the target system to exploit this vulnerability, but the potential for escalation exists if the application runs with elevated privileges. The nature of the vulnerability suggests that it could be leveraged as part of a broader attack chain targeting the target system.
Mitigation strategies for this vulnerability should focus on immediate application patching and registry key validation. System administrators should ensure that all instances of ICQ 2003b are updated to the latest available version that addresses this buffer overflow issue. Additionally, implementing registry key permissions controls can help prevent unauthorized modification of the affected registry path. The vulnerability aligns with CWE-121, heap-based buffer overflow, and represents a classic example of insufficient input validation that violates security best practices. Organizations should also consider implementing application whitelisting controls and monitoring for unusual registry modifications in the ICQ configuration paths. This vulnerability demonstrates the importance of proper input validation and memory management practices in client-side applications, particularly those that process user-controllable configuration data. The ATT&CK framework categorizes this as a privilege escalation technique through application misconfiguration, highlighting the need for comprehensive security testing of application configuration handling mechanisms.