CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1CVE-2006-5724
https://notcve.org/view.php?id=CVE-2006-5724
Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key. Desbordamiento de búfer basado en pila en la función "Answering Service" en ICQ 2003b construcción 3916 permite a un usuario local provocar denegación de servicio (caida de aplicación) a través de una cadena larga en el valor "AwayMsg Presets" en la linea de registro: ICQ\ICQPro\DefaultPrefs\Presets. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050461.html http://securityreason.com/securityalert/1818 https://exchange.xforce.ibmcloud.com/vulnerabilities/29933 •
CVSS: 7.5EPSS: 35%CPEs: 19EXPL: 0CVE-2006-4662
https://notcve.org/view.php?id=CVE-2006-4662
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type. Desbordamiento de búfer basado en montón en la función MCRegEx__Search en AOL ICQ Pro 2003b Build 3916 y anteriores permiten a un atacanet remoto ejecutar código de su elección a través de un campo grnde inconsistente de un mensaje en un tipo 0x2711 Type-Length-Value (TLV). • http://secunia.com/advisories/21834 http://securityreason.com/securityalert/1530 http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509 http://www.kb.cert.org/vuls/id/400780 http://www.securityfocus.com/archive/1/445513/100/0/threaded http://www.securityfocus.com/bid/19897 http://www.vupen.com/english/advisories/2006/3527 https://exchange.xforce.ibmcloud.com/vulnerabilities/28835 •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 0CVE-2006-2303
https://notcve.org/view.php?id=CVE-2006-2303
Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045916.html http://secunia.com/advisories/20010 http://securityreason.com/securityalert/868 http://securitytracker.com/id?1016045 http://www.securityfocus.com/archive/1/433360/100/0/threaded http://www.securityfocus.com/bid/17913 http://www.vupen.com/english/advisories/2006/1765 https://exchange.xforce.ibmcloud.com/vulnerabilities/26386 •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0CVE-2006-0765
https://notcve.org/view.php?id=CVE-2006-0765
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs. • http://www.securityfocus.com/archive/1/425078/100/0/threaded http://www.securityfocus.com/bid/16655 •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0CVE-2006-0766
https://notcve.org/view.php?id=CVE-2006-0766
ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly containing other modified properties such as company name, icon, and description, which could trick a user into executing arbitrary programs. • http://www.securityfocus.com/archive/1/425078/100/0/threaded http://www.securityfocus.com/bid/16655 •