CVE-2006-0766

Name of the Vulnerable Software and Affected Versions ICQ versions 2003a through 2003b ICQ Lite versions 4.0 through 4.1

Description The issue allows remote attackers to hide malicious file extensions and bypass Windows security warnings by using a filename that ends in an assumed-safe extension, potentially tricking a user into executing arbitrary programs. This could be achieved by modifying properties such as company name, icon, and description.

Recommendations For ICQ versions 2003a and 2003b, consider avoiding the use of filenames with assumed-safe extensions until a fix is available. For ICQ Lite versions 4.0 and 4.1, restrict the execution of files received from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.