Test ID: | 1.3.6.1.4.1.25623.1.0.801574 |
Category: | General |
Title: | ICQ 7 Instant Messaging Client Remote Code Execution Vulnerability |
Summary: | This host has ICQ installed and is prone to a remote code execution vulnerability. |
Description: |
Summary: This host has ICQ installed and is prone to a remote code execution vulnerability.
Vulnerability Insight: The flaw is due to an error in the automatic update mechanism. It does not check the identity of the update server or the authenticity of the updates that it downloads through its automatic update mechanism.
Vulnerability Impact: Successful exploitation allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through the automatic update mechanism.
Affected Software/OS: ICQ version 7.0 to 7.2 (7.2.0.3525) on Windows
Solution: Upgrade to ICQ 7.4.4629 or later.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
BugTraq ID: 45805
Common Vulnerability Exposure (CVE) ID: CVE-2011-0487
http://www.securityfocus.com/bid/45805
Bugtraq: 20110114 Remote Code Execution in ICQ 7
http://www.securityfocus.com/archive/1/515724/100/0/threaded
CERT/CC vulnerability note: VU#680540
http://www.kb.cert.org/vuls/id/680540
http://osvdb.org/70486
XForce ISS Database: icq-updates-code-execution(64711)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64711 |
Copyright | Copyright (C) 2011 Greenbone Networks GmbH |