Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0237

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0237
Last Modified 05 Sep 2008 04:33:49
Published 27 May 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0237

Summary

The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.

Vulnerable Systems

Application

  • Mirabilis Icq 2000.0a

  • Mirabilis Icq 2000.0b Build3278

  • Mirabilis Icq 2001a

  • Mirabilis Icq 2001b Build3636

  • Mirabilis Icq 2001b Build3638

  • Mirabilis Icq 2001b Build3659

  • Mirabilis Icq 2002a Build3722

  • Mirabilis Icq 2002a Build3727

  • Mirabilis Icq 2003a Build3777

  • Mirabilis Icq 2003a Build3799

  • Mirabilis Icq 2003a Build3800

  • Mirabilis Icq 99a 2.15build1701

  • Mirabilis Icq 99a 2.21build1800


References

BID - 7464

MISC - http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10

VULNWATCH - 20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client

XF - icq-features-no-auth(11944)


Last Updated: 27 May 2016 10:37:50