Icq
by Icq
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2000-0552 | Med | 0.39 | 5.5 | 0.01 | Jun 6, 2000 | ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information. | ||
| CVE-2009-1915 | 0.03 | — | 0.05 | Jun 4, 2009 | Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash… | |||
| CVE-2002-1773 | 0.03 | — | 0.05 | Dec 31, 2002 | Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request. | |||
| CVE-2011-0487 | 0.00 | — | 0.03 | Jan 18, 2011 | ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism. | |||
| CVE-2007-1904 | 0.00 | — | 0.04 | Apr 10, 2007 | Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation. | |||
| CVE-2006-0766 | 0.00 | — | 0.01 | Feb 18, 2006 | ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG,… | |||
| CVE-2006-0765 | 0.00 | — | 0.01 | Feb 18, 2006 | GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all… | |||
| CVE-2002-2075 | 0.00 | — | 0.02 | Dec 31, 2002 | ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number. | |||
| CVE-2002-0254 | 0.00 | — | 0.01 | May 29, 2002 | ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails. | |||
| CVE-2002-0028 | 0.00 | — | 0.05 | Feb 27, 2002 | Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request. | |||
| CVE-2001-1305 | 0.00 | — | 0.01 | Aug 17, 2001 | ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer. | |||
| CVE-1999-1289 | 0.00 | — | 0.01 | Nov 11, 1998 | ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network… |
- risk 0.39cvss 5.5epss 0.01
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
- CVE-2009-1915Jun 4, 2009risk 0.03cvss —epss 0.05
Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash…
- CVE-2002-1773Dec 31, 2002risk 0.03cvss —epss 0.05
Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request.
- CVE-2011-0487Jan 18, 2011risk 0.00cvss —epss 0.03
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.
- CVE-2007-1904Apr 10, 2007risk 0.00cvss —epss 0.04
Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.
- CVE-2006-0766Feb 18, 2006risk 0.00cvss —epss 0.01
ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG,…
- CVE-2006-0765Feb 18, 2006risk 0.00cvss —epss 0.01
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all…
- CVE-2002-2075Dec 31, 2002risk 0.00cvss —epss 0.02
ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number.
- CVE-2002-0254May 29, 2002risk 0.00cvss —epss 0.01
ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails.
- CVE-2002-0028Feb 27, 2002risk 0.00cvss —epss 0.05
Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request.
- CVE-2001-1305Aug 17, 2001risk 0.00cvss —epss 0.01
ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.
- CVE-1999-1289Nov 11, 1998risk 0.00cvss —epss 0.01
ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network…