High

CVE-2003-0235 - Unspecified vulnerability in Mirabilis ICQ

Publication: 2003-05-27
Summary

Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command.

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Mirabilis ICQ 99a_2.15build1701
  • Mirabilis ICQ 2003a_build3800
  • Mirabilis ICQ 2000.0a
  • Mirabilis ICQ 2000.0b_build3278
  • Mirabilis ICQ 2001a
  • Mirabilis ICQ 2001b_build3636
  • Mirabilis ICQ 99a_2.21build1800
  • Mirabilis ICQ 2001b_build3659
  • Mirabilis ICQ 2002a_build3722
  • Mirabilis ICQ 2002a_build3727
  • Mirabilis ICQ 2003a_build3777
  • Mirabilis ICQ 2003a_build3799
  • Mirabilis ICQ 2001b_build3638