Vulnerabilities > Mirabilis > ICQ > 2003a.build3799

DATE CVE VULNERABILITY TITLE RISK
2006-09-09 CVE-2006-4662 Remote Heap Buffer Overflow vulnerability in ICQ MCRegEx__Search
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
network
low complexity
mirabilis
7.5
2003-09-22 CVE-2003-0769 Unspecified vulnerability in Mirabilis ICQ 2003Abuild3777/2003Abuild3799/2003Abuild3800
Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.
network
mirabilis
4.3
2003-05-27 CVE-2003-0239 Denial Of Service vulnerability in Mirabilis ICQ GIF Parsing
icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.
network
low complexity
mirabilis
5.0
2003-05-27 CVE-2003-0238 Denial Of Service vulnerability in Mirabilis ICQ Message Session Window
The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag.
network
low complexity
mirabilis
5.0
2003-05-27 CVE-2003-0237 Remote Command Execution vulnerability in Mirabilis ICQ Features On Demand
The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.
network
low complexity
mirabilis
7.5
2003-05-27 CVE-2003-0236 Integer Overflow vulnerability in Mirabilis ICQ POP3 Client Subject Field Signed
Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.
network
low complexity
mirabilis
7.5
2003-05-27 CVE-2003-0235 Unspecified vulnerability in Mirabilis ICQ
Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command.
network
low complexity
mirabilis
7.5