CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-5724
https://notcve.org/view.php?id=CVE-2006-5724
04 Nov 2006 — Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key. Desbordamiento de búfer basado en pila en la función "Answering Service" en ICQ 2003b construcción 3916 permite a un usuario local provocar denegación de servicio (caida de aplicación) a través de una cadena larga en el valor "AwayMsg Presets" en la linea de... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050461.html •
CVSS: 9.8EPSS: 13%CPEs: 19EXPL: 0CVE-2006-4662
https://notcve.org/view.php?id=CVE-2006-4662
09 Sep 2006 — Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type. Desbordamiento de búfer basado en montón en la función MCRegEx__Search en AOL ICQ Pro 2003b Build 3916 y anteriores permiten a un atacanet remoto ejecutar código de su elección a través de un campo grnde inconsistente de un mensaje en un tipo 0x2711 Type-Length-Value (TL... • http://secunia.com/advisories/21834 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2303
https://notcve.org/view.php?id=CVE-2006-2303
11 May 2006 — Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045916.html •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2006-0765
https://notcve.org/view.php?id=CVE-2006-0765
18 Feb 2006 — GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs. • http://www.securityfocus.com/archive/1/425078/100/0/threaded •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2006-0766
https://notcve.org/view.php?id=CVE-2006-0766
18 Feb 2006 — ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly containing other modified properties such as company name, icon, and description, which could trick a user into executing arbitrary programs. • http://www.securityfocus.com/archive/1/425078/100/0/threaded •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2005-3433
https://notcve.org/view.php?id=CVE-2005-3433
02 Nov 2005 — Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields. • http://marc.info/?l=bugtraq&m=113063323109149&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2003-0769 – ICQ 2003 - Webfront Guestbook Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0769
12 Sep 2003 — Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en libro de invitados de ICQ Web Front (guestbook.html) permite a atacantes remotos insertar script web arbitrario y HTML mediante el campo de mensaje. • https://www.exploit-db.com/exploits/23120 •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 0CVE-2003-0235
https://notcve.org/view.php?id=CVE-2003-0235
07 May 2003 — Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command. Vulnerabilidad en formateado de cadenas en cliente POP3 para Mirabilis ICQ Pro 2003a permite que servidores remotos maliciosos ejecuten código arbitrario mediante cadenas formateadas en la respuesta a un comando UIDL. • http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html •
CVSS: 9.8EPSS: 3%CPEs: 13EXPL: 0CVE-2003-0236
https://notcve.org/view.php?id=CVE-2003-0236
07 May 2003 — Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers. Error en las signaturas de enteros en cliente POP3 para Mirabilis ICQ Pro 2003a permite que atacantes remotos ejecuten código arbitrario mediante los encabezamientos "Subject" o "Date". • http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2003-0237
https://notcve.org/view.php?id=CVE-2003-0237
07 May 2003 — The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack. La funcionalidad "ICQ Features on Demand" en Mirabilis ICQ Pro 2003a no verifica adecuadamente la autenticidad de las actualizaciones software, lo que permitiría a atacantes remotos instalar software arbitrario. • http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html •