Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0766


Vulnerability Score 5.1 5.1
CVE Id CVE-2006-0766
Last Modified 05 Sep 2008 05:00:09
Published 17 Feb 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly containing other modified properties such as company name, icon, and description, which could trick a user into executing arbitrary programs.

Vulnerable Systems


  • Mirabilis Icq 2003a

  • Mirabilis Icq 2003b

  • Mirabilis Icq Lite 4.0

  • Mirabilis Icq Lite 4.1


BID - 16655

BUGTRAQ - 20060215 Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT

Last Updated: 27 May 2016 10:41:48