High

CVE-2003-0237 - Unspecified vulnerability in Mirabilis ICQ

Publication: 2003-05-27
Summary

The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Mirabilis ICQ 99a_2.15build1701
  • Mirabilis ICQ 2003a_build3800
  • Mirabilis ICQ 2000.0a
  • Mirabilis ICQ 2000.0b_build3278
  • Mirabilis ICQ 2001a
  • Mirabilis ICQ 2001b_build3636
  • Mirabilis ICQ 99a_2.21build1800
  • Mirabilis ICQ 2001b_build3659
  • Mirabilis ICQ 2002a_build3722
  • Mirabilis ICQ 2002a_build3727
  • Mirabilis ICQ 2003a_build3777
  • Mirabilis ICQ 2003a_build3799
  • Mirabilis ICQ 2001b_build3638