Vulnerabilities > ICQ

DATE CVE VULNERABILITY TITLE RISK
2011-01-18 CVE-2011-0487 Code Injection vulnerability in ICQ 7
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.
network
icq CWE-94
critical
9.3
2009-09-01 CVE-2008-7136 Improper Input Validation vulnerability in ICQ Toolbar 2.3
toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135.
network
icq CWE-20
4.3
2009-09-01 CVE-2008-7135 Improper Input Validation vulnerability in ICQ Toolbar 2.3
toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136.
network
icq CWE-20
4.3
2009-06-04 CVE-2009-1915 Buffer Errors vulnerability in ICQ 6.5
Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder that contains this file.
network
icq CWE-119
4.3
2008-04-23 CVE-2008-1920 Buffer Errors vulnerability in ICQ Mirabilis ICQ 6.0
Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message.
network
low complexity
icq CWE-119
7.5
2008-03-03 CVE-2008-1120 USE of Externally-Controlled Format String vulnerability in ICQ Mirabilis ICQ 6
Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation.
network
icq CWE-134
critical
9.3
2000-06-06 CVE-2000-0552 Incomplete Cleanup vulnerability in ICQ 2000A
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
local
low complexity
icq CWE-459
5.5
1999-10-17 CVE-1999-1342 Unspecified vulnerability in ICQ Activelist Server
ICQ ActiveList Server allows remote attackers to cause a denial of service (crash) via malformed packets to the server's UDP port.
network
low complexity
icq
5.0