Vulnerabilities > ICQ
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-01-18 | CVE-2011-0487 | Code Injection vulnerability in ICQ 7 ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism. | 9.3 |
2009-09-01 | CVE-2008-7136 | Improper Input Validation vulnerability in ICQ Toolbar 2.3 toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135. | 4.3 |
2009-09-01 | CVE-2008-7135 | Improper Input Validation vulnerability in ICQ Toolbar 2.3 toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136. | 4.3 |
2009-06-04 | CVE-2009-1915 | Buffer Errors vulnerability in ICQ 6.5 Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder that contains this file. | 4.3 |
2008-04-23 | CVE-2008-1920 | Buffer Errors vulnerability in ICQ Mirabilis ICQ 6.0 Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message. | 7.5 |
2008-03-03 | CVE-2008-1120 | USE of Externally-Controlled Format String vulnerability in ICQ Mirabilis ICQ 6 Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation. | 9.3 |
2000-06-06 | CVE-2000-0552 | Incomplete Cleanup vulnerability in ICQ 2000A ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information. | 5.5 |
1999-10-17 | CVE-1999-1342 | Unspecified vulnerability in ICQ Activelist Server ICQ ActiveList Server allows remote attackers to cause a denial of service (crash) via malformed packets to the server's UDP port. | 5.0 |