Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1305


Vulnerability Score 5.0 5.0
CVE Id CVE-2001-1305
Last Modified 10 Sep 2008 03:10:13
Published 17 Aug 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.

Vulnerable Systems


  • Mirabilis Icq 2000.0a

  • Mirabilis Icq 2000.0b Build3278

  • Mirabilis Icq 2001a


XF - icq-auto-add-user(7028)

BID - 3226

BUGTRAQ - 20010822 Hexyn / Securax Advisory #22 - ICQ Forced Auto-Add Users

Last Updated: 27 May 2016 10:36:36