Title: ICQ Lite executable trojaning
Affected: ICQLite 2003a
Vendor: ICQ Inc
Risk: Average
Exploitable: Yes
Remote: No

I. Intro:

ICQ Lite is popular internet messenger software. It is the only ICQ version that requires no elevated privileges (such as Power User) to work, so it is often used by corporate users and on public computers.

II. Problem:

During installation, ICQ Lite silently adds an "Interactive Users: Full Control" ACE to the ACL of the Program Files\ICQ Lite directory. This makes it possible for any interactive user to replace any executable file in this directory and so obtain the privileges of the user who launches ICQ Lite.

III. Workaround:

Replace "Full Control" with the "Change" permission on the installation directory, and set "Read" permissions on all executable files (.exe and .dll).
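
Added example, not part of the original advisory: a PowerShell audit that checks whether the workaround above is in place by looking for the ACEs described in section II. The default path under %ProgramFiles% is an assumption, and only allow ACEs that name the Interactive group (well-known SID S-1-5-4) are inspected.

```powershell
param(
    # Assumed default location; the advisory gives only "Program Files\ICQ Lite".
    [string]$InstallDir = (Join-Path $env:ProgramFiles 'ICQ Lite')
)

$InteractiveSid = 'S-1-5-4'   # NT AUTHORITY\INTERACTIVE, matched by SID so the check is locale-independent
$SidType = [System.Security.Principal.SecurityIdentifier]
$Rights  = [System.Security.AccessControl.FileSystemRights]
$FullControl = [int]$Rights::FullControl
# Rights that let a user replace a file's contents or rewrite its ACL.
$WriteMask = [int]($Rights::WriteData -bor $Rights::AppendData -bor $Rights::Delete -bor
                   $Rights::ChangePermissions -bor $Rights::TakeOwnership)
# Generic bits can appear unmapped in inherit-only ACEs on a directory.
$GenericAll = 0x10000000
$GenericWrite = 0x40000000

# Returns the union of all rights granted to INTERACTIVE by allow ACEs on $Path.
function Get-InteractiveAllowMask([string]$Path) {
    $mask = 0
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $SidType)) {
        if ($ace.IdentityReference.Value -eq $InteractiveSid -and
            $ace.AccessControlType -eq 'Allow') {
            $mask = $mask -bor [int]$ace.FileSystemRights
        }
    }
    return $mask
}

if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    Write-Error "Directory not found: $InstallDir"
    return
}

$findings = @()
$dirMask = Get-InteractiveAllowMask $InstallDir
if ((($dirMask -band $FullControl) -eq $FullControl) -or ($dirMask -band $GenericAll)) {
    $findings += [pscustomobject]@{ Path = $InstallDir; Issue = 'INTERACTIVE has Full Control on directory' }
}

Get-ChildItem -LiteralPath $InstallDir -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object {
        $mask = Get-InteractiveAllowMask $_.FullName
        if ($mask -band ($WriteMask -bor $GenericAll -bor $GenericWrite)) {
            $findings += [pscustomobject]@{ Path = $_.FullName; Issue = 'INTERACTIVE can modify executable' }
        }
    }

if ($findings) { $findings } else { 'No INTERACTIVE Full Control or write ACEs found.' }
```

Write access granted through other groups is not evaluated, so a clean result covers only the ACE this advisory describes.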