Vulnerabilities > CVE-2006-0766 - Unspecified vulnerability in Mirabilis ICQ and ICQ Lite

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

mirabilis

NVD

Published: 2006-02-18

Updated: 2018-10-19

Summary

ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly containing other modified properties such as company name, icon, and description, which could trick a user into executing arbitrary programs.

Vulnerable Configurations

Part	Description	Count
Application	Mirabilis Mirabilis ICQ 2003A Mirabilis ICQ 2003B Mirabilis ICQ Lite 4.0 Mirabilis ICQ Lite 4.1	4

References

http://www.securityfocus.com/archive/1/425078/100/0/threaded
http://www.securityfocus.com/bid/16655