CVEdetails.com the ultimate security vulnerability data source

Log In Register

Take a third party risk management course for FREE

Vulnerability Feeds & Widgets^New www.itsecdb.com

Switch to https:// Home Browse :
Vendors Products Vulnerabilities By Date Vulnerabilities By Type Reports :
CVSS Score Report CVSS Score Distribution Search :
Vendor Search Product Search Version Search Vulnerability Search By Microsoft References Top 50 :
Vendors Vendor Cvss Scores Products Product Cvss Scores Versions Other :
Microsoft Bulletins Bugtraq Entries CWE Definitions About & Contact Feedback CVE Help FAQ Articles External Links :
NVD Website CWE Web Site

Mirabilis » ICQ » 2000.0b Build3278 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:mirabilis:icq:2000.0b_build3278:*:*:*:*:*:*:*

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

Copy Results Download Results

#	CVE ID	CWE ID	# of Exploits	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2006-4662			Exec Code Overflow	2006-09-09	2018-10-17	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
2	CVE-2003-0239			DoS	2003-05-27	2017-07-11	5.0	None	Remote	Low	Not required	None	None	Partial
icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.
3	CVE-2003-0238			DoS	2003-05-27	2017-07-11	5.0	None	Remote	Low	Not required	None	None	Partial
The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag.
4	CVE-2003-0237				2003-05-27	2017-07-11	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.
5	CVE-2003-0236			Exec Code	2003-05-27	2017-07-11	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.
6	CVE-2003-0235			Exec Code	2003-05-27	2017-07-11	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command.
7	CVE-2002-0028			Exec Code Overflow	2002-02-27	2017-10-10	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request.
8	CVE-2001-1305				2001-08-17	2016-10-18	5.0	None	Remote	Low	Not required	None	Partial	None
ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.
9	CVE-2001-0367			DoS	2001-06-27	2016-10-18	5.0	None	Remote	Low	Not required	None	None	Partial
Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters.

Total number of vulnerabilities : 9 Page : 1 (This Page)

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.