Vulnerabilities > CVE-2006-5650 - Remote Code Execution vulnerability in AOL ICQ 5.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
Exploit-Db
description America Online ICQ ActiveX Control Arbitrary File Download and Execute. CVE-2006-5650. Remote exploit for windows platform id EDB-ID:16554 last seen 2016-02-02 modified 2010-11-24 published 2010-11-24 reporter metasploit source https://www.exploit-db.com/download/16554/ title America Online ICQ ActiveX Control Arbitrary File Download and Execute description America Online ICQ 5.1 ActiveX Control Remote Code Execution Vulnerability. CVE-2006-5650. Remote exploit for windows platform id EDB-ID:28916 last seen 2016-02-03 modified 2006-11-06 published 2006-11-06 reporter Peter Vreugdenhil source https://www.exploit-db.com/download/28916/ title America Online ICQ 5.1 - ActiveX Control Remote Code Execution Vulnerability
Metasploit
| description | This module allows remote attackers to download and execute arbitrary files on a users system via the DownloadAgent function of the ICQPhone.SipxPhoneManager ActiveX control. |
| id | MSF:EXPLOIT/WINDOWS/BROWSER/AOL_ICQ_DOWNLOADAGENT |
| last seen | 2020-06-13 |
| modified | 2017-07-24 |
| published | 2009-10-13 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5650 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/aol_icq_downloadagent.rb |
| title | America Online ICQ ActiveX Control Arbitrary File Download and Execute |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/83020/aol_icq_downloadagent.rb.txt |
| id | PACKETSTORM:83020 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | MC |
| source | https://packetstormsecurity.com/files/83020/America-Online-ICQ-ActiveX-Control-Arbitrary-File-Download-and-Execute..html |
| title | America Online ICQ ActiveX Control Arbitrary File Download and Execute. |
Saint
| bid | 20930 |
| description | AOL ICQ ActiveX DownloadAgent vulnerability |
| id | misc_aol_icqphone |
| osvdb | 30220 |
| title | aol_icq_downloadagent |
| type | client |
References
- http://secunia.com/advisories/22670
- http://securityreason.com/securityalert/1830
- http://securitytracker.com/id?1017163
- http://www.securityfocus.com/archive/1/450726/100/0/threaded
- http://www.securityfocus.com/bid/20930
- http://www.vupen.com/english/advisories/2006/4362
- http://www.zerodayinitiative.com/advisories/ZDI-06-037.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30059