ICQ : Security Vulnerabilities, CVEs,
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.
Max CVSS
9.3
EPSS Score
0.35%
Published
2011-01-18
Updated
2018-10-09
Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder that contains this file.
Max CVSS
4.3
EPSS Score
5.68%
Published
2009-06-04
Updated
2018-10-10
toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135.
Max CVSS
4.3
EPSS Score
0.46%
Published
2009-09-01
Updated
2017-09-29
toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136.
Max CVSS
4.3
EPSS Score
0.46%
Published
2009-09-01
Updated
2017-08-17
Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message.
Max CVSS
7.5
EPSS Score
15.78%
Published
2008-04-23
Updated
2018-10-11
Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation.
Max CVSS
9.3
EPSS Score
0.30%
Published
2008-03-03
Updated
2011-03-08
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
Max CVSS
5.5
EPSS Score
0.04%
Published
2000-06-06
Updated
2024-02-08
ICQ ActiveList Server allows remote attackers to cause a denial of service (crash) via malformed packets to the server's UDP port.
Max CVSS
5.0
EPSS Score
0.27%
Published
1999-10-17
Updated
2016-10-18
8 vulnerabilities found