High

CVE-2003-0236 - Unspecified vulnerability in Mirabilis ICQ

Publication: 2003-05-27
Summary

Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Mirabilis ICQ 99a_2.15build1701
  • Mirabilis ICQ 2003a_build3800
  • Mirabilis ICQ 2000.0a
  • Mirabilis ICQ 2000.0b_build3278
  • Mirabilis ICQ 2001a
  • Mirabilis ICQ 2001b_build3636
  • Mirabilis ICQ 99a_2.21build1800
  • Mirabilis ICQ 2001b_build3659
  • Mirabilis ICQ 2002a_build3722
  • Mirabilis ICQ 2002a_build3727
  • Mirabilis ICQ 2003a_build3777
  • Mirabilis ICQ 2003a_build3799
  • Mirabilis ICQ 2001b_build3638