22nd Apr 2002 [SBWID-5295]
COMMAND
ICQ DoS
SYSTEMS AFFECTED
ICQ 2001b, 2002a
PROBLEM
Michael [http://www.iFud.com/dfm/] says:
If you send a malicious "contact" message, you can freeze the target ICQ.
Let's look at the contact packet (taken from Massimo Melina's
documentation)
contacts-msg content is:
contacts number
0xFE
uin
0xFE
nick
0xFE
uin
0xFE
nick
...
and so on
If we set the contacts number to, let's say, 65535 and send such a packet,
then the target ICQ stops responding. Task manager shows that ICQ takes
more and more memory, until you kill it or it eats all system
resources.
Proof of concept:
http://www.iFud.com/dfm/DFM.exe
Update (25 July 2002)
======
Michael adds:
ICQ 2001 & 2002 have a feature that allows inserting graphical smiles.
I found that if you send a message filled with lots of smiles (an ICQ msg
can be about 7000 bytes long), then the target ICQ hangs for 10-20 seconds,
consuming all CPU time, or simply crashes.
It seems to me that this type of message crashes only ICQs that have a
large .dat file, which holds all history.
Proof of concept:
http://www.iFud.com/dfm/DFMa.exe
SOLUTION
Disable receiving contacts from everyone (including your contact list).
For the second bug, nothing yet.
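
For the first bug, the underlying fix is for the receiver to stop trusting the contacts number. The parser below is an added example, not ICQ's code and not part of the original advisory; it reads the contacts-msg layout shown under PROBLEM and rejects a message whose declared count exceeds a local limit or disagrees with the fields actually received. Assumptions: the count and uin fields are ASCII decimal, every field is followed by 0xFE, and the names and limits (parse_contacts, MAX_CONTACTS, MAX_PAYLOAD) are illustrative.

```python
# Added example: defensive parser for the contacts-message layout above.
SEP = b"\xfe"
MAX_CONTACTS = 64      # assumed policy cap; not a value from the protocol
MAX_PAYLOAD = 8192     # assumed size ceiling for one message


class ContactsMsgError(ValueError):
    """Raised when a contacts message fails validation."""


def parse_contacts(payload, max_contacts=MAX_CONTACTS):
    """Return [(uin, nick), ...] or raise ContactsMsgError.

    Assumes ASCII-decimal count and uin fields, each field followed by 0xFE.
    """
    if len(payload) > MAX_PAYLOAD:
        raise ContactsMsgError("payload too large")
    if not payload.endswith(SEP):
        raise ContactsMsgError("payload does not end with a separator")
    fields = payload[:-1].split(SEP)
    count = fields[0]
    # Bound the digit string before converting it, then bound the value.
    if not count.isdigit() or len(count) > 5:
        raise ContactsMsgError("contacts number missing or malformed")
    declared = int(count)
    if declared > max_contacts:
        raise ContactsMsgError("contacts number exceeds local limit")
    body = fields[1:]
    # The declared count is only compared with what actually arrived;
    # it never sizes a buffer or drives a loop.
    if len(body) != 2 * declared:
        raise ContactsMsgError("contacts number does not match field count")
    contacts = []
    for uin, nick in zip(body[0::2], body[1::2]):
        if not uin.isdigit() or len(uin) > 10:
            raise ContactsMsgError("malformed uin")
        contacts.append((int(uin), nick.decode("latin-1")))
    return contacts


def check(payload):
    """Return the parsed list, or the rejection reason as a string."""
    try:
        return parse_contacts(payload)
    except ContactsMsgError as exc:
        return str(exc)


# Constructed sample inputs (not captured traffic).
GOOD = b"2\xfe1111\xfealice\xfe2222\xfebob\xfe"
OVERSTATED = b"65535\xfe1111\xfealice\xfe"
```

Raising the limit does not let the overstated message through: with max_contacts=70000 it is still rejected because one uin/nick pair does not match a count of 65535.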