Vendor CVEs
Icq
All CVEs
29 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2000-0552 | Med | 0.39 | 5.5 | 0.01 | Jun 6, 2000 | ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information. | ||
| CVE-2000-0046 | 0.04 | — | 0.07 | Jan 10, 2000 | Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malformed URL within an ICQ message. | |||
| CVE-2008-7136 | 0.03 | — | 0.04 | Sep 1, 2009 | toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135. | |||
| CVE-2008-7135 | 0.03 | — | 0.02 | Sep 1, 2009 | toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136. | |||
| CVE-2009-1915 | 0.03 | — | 0.05 | Jun 4, 2009 | Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash… | |||
| CVE-2008-1920 | 0.03 | — | 0.05 | Apr 23, 2008 | Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message. | |||
| CVE-2003-0769 | 0.03 | — | 0.03 | Sep 22, 2003 | Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field. | |||
| CVE-2002-1773 | 0.03 | — | 0.05 | Dec 31, 2002 | Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request. | |||
| CVE-2000-1078 | 0.03 | — | 0.05 | Dec 11, 2000 | ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a "?" character. | |||
| CVE-2011-0487 | 0.00 | — | 0.03 | Jan 18, 2011 | ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism. | |||
| CVE-2008-1120 | 0.00 | — | 0.03 | Mar 3, 2008 | Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation. | |||
| CVE-2007-1904 | 0.00 | — | 0.04 | Apr 10, 2007 | Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation. | |||
| CVE-2006-5724 | 0.00 | — | 0.00 | Nov 4, 2006 | Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key. | |||
| CVE-2006-4661 | 0.00 | — | 0.01 | Sep 9, 2006 | AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into… | |||
| CVE-2006-4660 | 0.00 | — | 0.01 | Sep 9, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements… | |||
| CVE-2006-2303 | 0.00 | — | 0.02 | May 11, 2006 | Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object. | |||
| CVE-2006-0765 | 0.00 | — | 0.01 | Feb 18, 2006 | GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all… | |||
| CVE-2006-0766 | 0.00 | — | 0.01 | Feb 18, 2006 | ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG,… | |||
| CVE-2003-0365 | 0.00 | — | 0.00 | Jun 16, 2003 | ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs. | |||
| CVE-2002-2075 | 0.00 | — | 0.02 | Dec 31, 2002 | ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number. | |||
| CVE-2002-2329 | 0.00 | — | 0.02 | Dec 31, 2002 | ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons. | |||
| CVE-2002-0254 | 0.00 | — | 0.01 | May 29, 2002 | ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails. | |||
| CVE-2002-0028 | 0.00 | — | 0.05 | Feb 27, 2002 | Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request. | |||
| CVE-2001-1305 | 0.00 | — | 0.01 | Aug 17, 2001 | ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer. | |||
| CVE-1999-1342 | 0.00 | — | 0.01 | Oct 17, 1999 | ICQ ActiveList Server allows remote attackers to cause a denial of service (crash) via malformed packets to the server's UDP port. | |||
| CVE-1999-1418 | 0.00 | — | 0.01 | May 1, 1999 | ICQ99 ICQ web server build 1701 with "Active Homepage" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found"). | |||
| CVE-1999-0474 | 0.00 | — | 0.02 | Apr 5, 1999 | The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory. | |||
| CVE-1999-1440 | 0.00 | — | 0.01 | Jan 1, 1999 | Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user… | |||
| CVE-1999-1289 | 0.00 | — | 0.01 | Nov 11, 1998 | ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network… |
- risk 0.39cvss 5.5epss 0.01
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
- CVE-2000-0046Jan 10, 2000risk 0.04cvss —epss 0.07
Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malformed URL within an ICQ message.
- CVE-2008-7136Sep 1, 2009risk 0.03cvss —epss 0.04
toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135.
- CVE-2008-7135Sep 1, 2009risk 0.03cvss —epss 0.02
toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136.
- CVE-2009-1915Jun 4, 2009risk 0.03cvss —epss 0.05
Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash…
- CVE-2008-1920Apr 23, 2008risk 0.03cvss —epss 0.05
Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message.
- CVE-2003-0769Sep 22, 2003risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.
- CVE-2002-1773Dec 31, 2002risk 0.03cvss —epss 0.05
Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request.
- CVE-2000-1078Dec 11, 2000risk 0.03cvss —epss 0.05
ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a "?" character.
- CVE-2011-0487Jan 18, 2011risk 0.00cvss —epss 0.03
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.
- CVE-2008-1120Mar 3, 2008risk 0.00cvss —epss 0.03
Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation.
- CVE-2007-1904Apr 10, 2007risk 0.00cvss —epss 0.04
Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.
- CVE-2006-5724Nov 4, 2006risk 0.00cvss —epss 0.00
Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key.
- CVE-2006-4661Sep 9, 2006risk 0.00cvss —epss 0.01
AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into…
- CVE-2006-4660Sep 9, 2006risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements…
- CVE-2006-2303May 11, 2006risk 0.00cvss —epss 0.02
Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object.
- CVE-2006-0765Feb 18, 2006risk 0.00cvss —epss 0.01
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all…
- CVE-2006-0766Feb 18, 2006risk 0.00cvss —epss 0.01
ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG,…
- CVE-2003-0365Jun 16, 2003risk 0.00cvss —epss 0.00
ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs.
- CVE-2002-2075Dec 31, 2002risk 0.00cvss —epss 0.02
ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number.
- CVE-2002-2329Dec 31, 2002risk 0.00cvss —epss 0.02
ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons.
- CVE-2002-0254May 29, 2002risk 0.00cvss —epss 0.01
ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails.
- CVE-2002-0028Feb 27, 2002risk 0.00cvss —epss 0.05
Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request.
- CVE-2001-1305Aug 17, 2001risk 0.00cvss —epss 0.01
ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.
- CVE-1999-1342Oct 17, 1999risk 0.00cvss —epss 0.01
ICQ ActiveList Server allows remote attackers to cause a denial of service (crash) via malformed packets to the server's UDP port.
- CVE-1999-1418May 1, 1999risk 0.00cvss —epss 0.01
ICQ99 ICQ web server build 1701 with "Active Homepage" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found").
- CVE-1999-0474Apr 5, 1999risk 0.00cvss —epss 0.02
The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory.
- CVE-1999-1440Jan 1, 1999risk 0.00cvss —epss 0.01
Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user…
- CVE-1999-1289Nov 11, 1998risk 0.00cvss —epss 0.01
ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network…