This policy contains rules that detect activity associated with various instant messaging (IM) applications. The IM applications covered include AOL, Yahoo, MSN, and ICQ. Other applications include mIRC (Internet Relay Chat) and Trillian's comprehensive IM program.
The wide use and convenience of instant messaging programs in enterprise networks create a major security risk to organizations. Although many firms feel most IM applications are secure, most of the more popular ones have few or no installed security features. These applications introduce numerous risks to an organization's data confidentiality and network availability.
Download ITA W2K_Instant_Messaging_Activity Policy
Windows 2000 (All Versions)
This policy detects the installation and session activity of various instant messaging (IM) applications. This policy should be applied to all Windows 2000 systems.
Policy Rules for AOL Instant Messenger (AIM) include:
- AOL IM Installed
This rule detects the installation of AOL Instant Messenger (AIM).
- AOL IM Started
This rule detects the starting of an AOL Instant Messenger (AIM) process.
Notable vulnerabilities for AOL Instant Messenger (AIM) include the following:
AOL Instant Messenger %s DoS Vulnerability
Reference: http://www.securityfocus.com/bid/1747
AOL Instant Messenger BuddyIcon Buffer Overflow Vulnerability
Reference: http://www.securityfocus.com/bid/2122
AOL Instant Messenger Remote Buffer Overflow
Reference: http://www.securityfocus.com/bid/3769
AOL Instant Messenger Arbitrary File Creation Vulnerability
Reference: http://www.securityfocus.com/bid/4526
AOL Instant Messenger Data Interception Vulnerability
Reference: http://www.securityfocus.com/bid/4574
AOL Instant Messenger AddBuddy Hyperlink Vulnerability
Reference: http://www.securityfocus.com/bid/4709
Policy Rules for Yahoo Instant Messenger include:
- Yahoo! IM Installed
This rule detects the installation of Yahoo Instant Messenger.
- Yahoo! IM Started
This rule detects the starting of a Yahoo Instant Messenger process.
Notable vulnerabilities for Yahoo! Instant Messenger include the following:
Yahoo! Messenger Call Center Buffer Overflow Vulnerability
Reference: http://www.securityfocus.com/bid/4837
Yahoo! Instant Messenger Script Injection Vulnerability
Reference: http://www.securityfocus.com/bid/4838
Yahoo! Messenger IMvironment Field Overflow Vulnerability
Reference: http://www.securityfocus.com/bid/4163
Yahoo! Messenger Message Field Overflow Vulnerability
Reference: http://www.securityfocus.com/bid/4162
Policy Rules for MSN Messenger include:
- MSN Messenger Installed
This rule detects the installation of MSN Messenger.
- MSN Messenger Started
This rule detects the starting of an MSN Messenger process.
Notable vulnerabilities for MSN Messenger include the following:
Microsoft MSN ActiveX Object Information Disclosure Vulnerability
Reference: http://www.securityfocus.com/bid/4028
Microsoft MSN Messenger Message Spoofing Vulnerability
Reference: http://www.securityfocus.com/bid/4316
Policy Rules for ICQ include:
- ICQ Installed
This rule detects the installation of ICQ.
- ICQ Started
This rule detects the starting of an ICQ process.
Notable vulnerabilities for ICQ include the following:
Mirabilis ICQ Remote Buffer Overflow Vulnerability
Reference: http://www.securityfocus.com/bid/3813
ICQ Forced User Addition Vulnerability
Reference: http://www.securityfocus.com/bid/3226
Policy Rules for mIRC (Internet Relay Chat) include:
- mIRC Installed
This rule detects the installation of mIRC (Internet Relay Chat).
- mIRC Started
This rule detects the starting of an mIRC (Internet Relay Chat) application process.
Notable vulnerabilities for mIRC include the following:
MIRC Nick Buffer Overflow Vulnerability
Reference: http://www.securityfocus.com/bid/4027
mIRC DCC Nick Disclosure Vulnerability
Reference: http://www.securityfocus.com/bid/4247
Policy Rules for Trillian include:
- Trillian Installed
This rule detects the installation of Trillian.
- Trillian Started
This rule detects the starting of a Trillian application process.
Notable vulnerabilities for Trillian include the following:
Trillian IRC Module Format String Vulnerability
Reference: http://www.securityfocus.com/bid/5388
Trillian IRC Module Buffer Overflow Vulnerability
Reference: http://www.securityfocus.com/bid/5389
Trillian IRC Module Buffer Overflow Vulnerability
Reference: http://www.securityfocus.com/bid/5373
Last modified on: Monday, 30-Jun-03 14:34:57