PT-2011-2386 · U Mail · Icq

Published

2011-01-18

Updated

2018-10-09

CVE-2011-0487

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ICQ version 7

Description The issue allows man-in-the-middle attackers to execute arbitrary code via a crafted file fetched through an automatic-update mechanism, due to the lack of authenticity verification of updates.

Recommendations For ICQ version 7, consider disabling the automatic-update mechanism until a patch is available to prevent potential exploitation.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2011-0487

Affected Products

Icq

PT-2011-2386 · U Mail · Icq

CVE-2011-0487

Weakness Enumeration

Related Identifiers

Affected Products

References · 6