CVE-2008-1120

Name of the Vulnerable Software and Affected Versions Mirabilis ICQ versions earlier than 6 Build 6059

Description The issue is related to a format string vulnerability in the embedded Internet Explorer component. This vulnerability can be triggered when processing HTML messages with a format string specifier, such as %020000000p. If a remote attacker can trick a user into viewing a malicious message, they may be able to crash the application or execute arbitrary code on the remote host, subject to the user's privileges.

Recommendations For versions earlier than 6 Build 6059, update to version 6 Build 6059 or later to resolve the issue. As a temporary workaround, consider avoiding the use of HTML messages with format string specifiers until the issue is resolved. Restrict access to potentially malicious messages to minimize the risk of exploitation.