Icq
by Mirabilis
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2000-0046 | 0.04 | — | 0.07 | Jan 10, 2000 | Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malformed URL within an ICQ message. | |||
| CVE-2003-0769 | 0.03 | — | 0.03 | Sep 22, 2003 | Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field. | |||
| CVE-2008-1120 | 0.00 | — | 0.03 | Mar 3, 2008 | Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation. | |||
| CVE-2006-5724 | 0.00 | — | 0.00 | Nov 4, 2006 | Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key. | |||
| CVE-2006-4662 | 0.00 | — | 0.06 | Sep 9, 2006 | Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type. | |||
| CVE-2006-2303 | 0.00 | — | 0.02 | May 11, 2006 | Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object. | |||
| CVE-2006-0766 | 0.00 | — | 0.01 | Feb 18, 2006 | ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG,… | |||
| CVE-2006-0765 | 0.00 | — | 0.01 | Feb 18, 2006 | GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all… | |||
| CVE-2005-3433 | 0.00 | — | 0.01 | Nov 2, 2005 | Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields. | |||
| CVE-2003-0239 | 0.00 | — | 0.02 | May 27, 2003 | icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor. | |||
| CVE-2003-0236 | 0.00 | — | 0.03 | May 27, 2003 | Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers. | |||
| CVE-2003-0238 | 0.00 | — | 0.02 | May 27, 2003 | The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag. | |||
| CVE-2003-0237 | 0.00 | — | 0.02 | May 27, 2003 | The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack. | |||
| CVE-2003-0235 | 0.00 | — | 0.02 | May 27, 2003 | Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command. | |||
| CVE-2002-2075 | 0.00 | — | 0.02 | Dec 31, 2002 | ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number. | |||
| CVE-2002-1743 | 0.00 | — | 0.02 | Dec 31, 2002 | AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of service (crash) via a malformed .hpf file. | |||
| CVE-2002-2329 | 0.00 | — | 0.02 | Dec 31, 2002 | ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons. | |||
| CVE-2002-0254 | 0.00 | — | 0.01 | May 29, 2002 | ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails. | |||
| CVE-2002-0028 | 0.00 | — | 0.05 | Feb 27, 2002 | Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request. | |||
| CVE-2001-1305 | 0.00 | — | 0.01 | Aug 17, 2001 | ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer. |
- CVE-2000-0046Jan 10, 2000risk 0.04cvss —epss 0.07
Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malformed URL within an ICQ message.
- CVE-2003-0769Sep 22, 2003risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.
- CVE-2008-1120Mar 3, 2008risk 0.00cvss —epss 0.03
Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation.
- CVE-2006-5724Nov 4, 2006risk 0.00cvss —epss 0.00
Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key.
- CVE-2006-4662Sep 9, 2006risk 0.00cvss —epss 0.06
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
- CVE-2006-2303May 11, 2006risk 0.00cvss —epss 0.02
Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object.
- CVE-2006-0766Feb 18, 2006risk 0.00cvss —epss 0.01
ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG,…
- CVE-2006-0765Feb 18, 2006risk 0.00cvss —epss 0.01
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all…
- CVE-2005-3433Nov 2, 2005risk 0.00cvss —epss 0.01
Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields.
- CVE-2003-0239May 27, 2003risk 0.00cvss —epss 0.02
icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.
- CVE-2003-0236May 27, 2003risk 0.00cvss —epss 0.03
Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.
- CVE-2003-0238May 27, 2003risk 0.00cvss —epss 0.02
The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag.
- CVE-2003-0237May 27, 2003risk 0.00cvss —epss 0.02
The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.
- CVE-2003-0235May 27, 2003risk 0.00cvss —epss 0.02
Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command.
- CVE-2002-2075Dec 31, 2002risk 0.00cvss —epss 0.02
ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number.
- CVE-2002-1743Dec 31, 2002risk 0.00cvss —epss 0.02
AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of service (crash) via a malformed .hpf file.
- CVE-2002-2329Dec 31, 2002risk 0.00cvss —epss 0.02
ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons.
- CVE-2002-0254May 29, 2002risk 0.00cvss —epss 0.01
ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails.
- CVE-2002-0028Feb 27, 2002risk 0.00cvss —epss 0.05
Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request.
- CVE-2001-1305Aug 17, 2001risk 0.00cvss —epss 0.01
ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.
Page 1 of 2