Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1305

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2001-1305
Last Modified 10 Sep 2008 03:10:13
Published 17 Aug 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1305

Summary

ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.

Vulnerable Systems

Application

  • Mirabilis Icq 2000.0a

  • Mirabilis Icq 2000.0b Build3278

  • Mirabilis Icq 2001a


References

XF - icq-auto-add-user(7028)

BID - 3226

BUGTRAQ - 20010822 Hexyn / Securax Advisory #22 - ICQ Forced Auto-Add Users


Last Updated: 27 May 2016 10:36:36