Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0765


Vulnerability Score 5.1 5.1
CVE Id CVE-2006-0765
Last Modified 05 Sep 2008 05:00:09
Published 17 Feb 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs.

Vulnerable Systems


  • Mirabilis Icq 2003a

  • Mirabilis Icq 2003b

  • Mirabilis Icq Lite 4.0

  • Mirabilis Icq Lite 4.1


BID - 16655

BUGTRAQ - 20060215 Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT

Last Updated: 27 May 2016 10:41:47