ICQ 7 Instant Messaging Client Remote Code Execution Vulnerability

Summary
This host has ICQ installed and is prone to a remote code execution vulnerability.
Impact
Successful exploitation allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through the automatic update mechanism.
Impact Level: System/Application
Solution
Upgrade to ICQ 7.4.4629 or later. For updates, refer to http://www.icq.com
Insight
The flaw is due to an error in the automatic update mechanism, which does not check the identity of the update server or the authenticity of the updates that it downloads.
Affected
ICQ versions 7.0 to 7.2 (7.2.0.3525) on Windows