Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0765

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-0765
Last Modified 05 Sep 2008 05:00:09
Published 17 Feb 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-0765

Summary

GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs.

Vulnerable Systems

Application

  • Mirabilis Icq 2003a

  • Mirabilis Icq 2003b

  • Mirabilis Icq Lite 4.0

  • Mirabilis Icq Lite 4.1


References

BID - 16655

BUGTRAQ - 20060215 Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT


Last Updated: 27 May 2016 10:41:47