Mirabilis · Mirabilis ICQ · CVE-2008-1120
**Name of the Vulnerable Software and Affected Versions**
Mirabilis ICQ versions earlier than 6 Build 6059
**Description**
The issue is a format string vulnerability in the embedded Internet Explorer component. It can be triggered when the client processes an HTML message that contains a format string specifier, such as `%020000000p`. A remote attacker who tricks a user into viewing a malicious message may be able to crash the application or execute arbitrary code on the remote host, subject to the user's privileges.
**Recommendations**
For versions earlier than 6 Build 6059, update to version 6 Build 6059 or later to resolve the issue. As a temporary workaround, consider avoiding the use of HTML messages with format string specifiers until the issue is resolved. Restrict access to potentially malicious messages to minimize the risk of exploitation.
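For defenders who filter or log inbound message content while clients are being updated, the following added example (not part of the advisory and not ICQ code) parses printf-style conversion specifiers in message text and flags the ones with implausible field sizes, such as the `%020000000p` quoted above. It generalizes slightly to oversized precision and `%n`; the function names and the `MAX_FIELD` threshold are assumptions chosen for illustration.

```python
import re

# printf-style conversion: %[flags][width][.precision][length]conversion
# "%%" is matched first so a literal percent sign is never reported.
_SPEC = re.compile(
    r"%(?:%|(?P<flags>[-+ #0]*)(?P<width>\d+|\*)?"
    r"(?:\.(?P<prec>\d+|\*))?(?P<length>hh|ll|[hlLqjzt])?"
    r"(?P<conv>[diouxXeEfFgGaAcspn]))"
)

MAX_FIELD = 1024  # assumed threshold; no chat message needs wider padding


def find_format_specs(text):
    """Return one dict per conversion specifier found in text."""
    findings = []
    for m in _SPEC.finditer(text):
        if m.group("conv") is None:      # matched the literal "%%"
            continue
        width = m.group("width")
        prec = m.group("prec")
        reasons = []
        if width and width.isdigit() and int(width) > MAX_FIELD:
            reasons.append("oversized width")
        if prec and prec.isdigit() and int(prec) > MAX_FIELD:
            reasons.append("oversized precision")
        if m.group("conv") == "n":
            reasons.append("%n write conversion")
        findings.append({"spec": m.group(0), "offset": m.start(),
                         "conv": m.group("conv"), "reasons": reasons})
    return findings


def should_quarantine(text):
    """True when any specifier in the message has a flagged property."""
    return any(f["reasons"] for f in find_format_specs(text))


if __name__ == "__main__":
    # Constructed sample messages, not captured traffic.
    samples = [
        "<b>hello %020000000p</b>",   # specifier quoted in the advisory
        "I am 100%% sure",            # escaped percent, ignored
        "50% off today",              # parses as '% o' but is not flagged
    ]
    for s in samples:
        print(should_quarantine(s), find_format_specs(s))
```

Ordinary text such as "50% off" still parses as a specifier (`% o`), which is why the filter keys on field size rather than on the mere presence of a `%` sequence.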