Vulnerabilities > CVE-2006-5650 - Unspecified vulnerability in AOL ICQ 5.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
aol
exploit available
metasploit

Summary

The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.

Vulnerable Configurations

Part Description Count
Application
Aol
1

Exploit-Db

  • descriptionAmerica Online ICQ ActiveX Control Arbitrary File Download and Execute. CVE-2006-5650. Remote exploit for windows platform
    idEDB-ID:16554
    last seen2016-02-02
    modified2010-11-24
    published2010-11-24
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16554/
    titleAmerica Online ICQ ActiveX Control Arbitrary File Download and Execute
  • descriptionAmerica Online ICQ 5.1 ActiveX Control Remote Code Execution Vulnerability. CVE-2006-5650. Remote exploit for windows platform
    idEDB-ID:28916
    last seen2016-02-03
    modified2006-11-06
    published2006-11-06
    reporterPeter Vreugdenhil
    sourcehttps://www.exploit-db.com/download/28916/
    titleAmerica Online ICQ 5.1 - ActiveX Control Remote Code Execution Vulnerability

Metasploit

descriptionThis module allows remote attackers to download and execute arbitrary files on a users system via the DownloadAgent function of the ICQPhone.SipxPhoneManager ActiveX control.
idMSF:EXPLOIT/WINDOWS/BROWSER/AOL_ICQ_DOWNLOADAGENT
last seen2020-06-13
modified2017-07-24
published2009-10-13
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5650
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/aol_icq_downloadagent.rb
titleAmerica Online ICQ ActiveX Control Arbitrary File Download and Execute

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83020/aol_icq_downloadagent.rb.txt
idPACKETSTORM:83020
last seen2016-12-05
published2009-11-26
reporterMC
sourcehttps://packetstormsecurity.com/files/83020/America-Online-ICQ-ActiveX-Control-Arbitrary-File-Download-and-Execute..html
titleAmerica Online ICQ ActiveX Control Arbitrary File Download and Execute.

Saint

bid20930
descriptionAOL ICQ ActiveX DownloadAgent vulnerability
idmisc_aol_icqphone
osvdb30220
titleaol_icq_downloadagent
typeclient