ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.
Max CVSS
9.3
EPSS Score
0.35%
Published
2011-01-18
Updated
2018-10-09
Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder that contains this file.
Max CVSS
4.3
EPSS Score
5.68%
Published
2009-06-04
Updated
2018-10-10
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
Max CVSS
5.5
EPSS Score
0.04%
Published
2000-06-06
Updated
2024-02-08
3 vulnerabilities found