Lucene search
HistoryMay 27, 2003 - 4:00 a.m.
CVE-2003-0237
icq
pro
2003a
software
upgrade
authenticity
remote attackers
arbitrary software
spoofing attack
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
5.6
Confidence
High
EPSS
0.012
Percentile
85.4%
The “ICQ Features on Demand” functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.
Affected configurations
Node
mirabilisicqMatch99a_2.15build1701
ORmirabilisicqMatch99a_2.21build1800
ORmirabilisicqMatch2000.0a
ORmirabilisicqMatch2000.0b_build3278
ORmirabilisicqMatch2001a
ORmirabilisicqMatch2001b_build3636
ORmirabilisicqMatch2001b_build3638
ORmirabilisicqMatch2001b_build3659
ORmirabilisicqMatch2002a_build3722
ORmirabilisicqMatch2002a_build3727
ORmirabilisicqMatch2003a_build3777
ORmirabilisicqMatch2003a_build3799
ORmirabilisicqMatch2003a_build3800
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mirabilis | icq | 99a+2.21build1800 | cpe:/a:mirabilis:icq:99a+2.21build1800::: |
| mirabilis | icq | 2003a+build3800 | cpe:/a:mirabilis:icq:2003a+build3800::: |
| mirabilis | icq | 2001a | cpe:/a:mirabilis:icq:2001a::: |
| mirabilis | icq | 2000.0b+build3278 | cpe:/a:mirabilis:icq:2000.0b+build3278::: |
| mirabilis | icq | 2001b+build3659 | cpe:/a:mirabilis:icq:2001b+build3659::: |
| mirabilis | icq | 99a+2.15build1701 | cpe:/a:mirabilis:icq:99a+2.15build1701::: |
| mirabilis | icq | 2003a+build3799 | cpe:/a:mirabilis:icq:2003a+build3799::: |
| mirabilis | icq | 2003a+build3777 | cpe:/a:mirabilis:icq:2003a+build3777::: |
| mirabilis | icq | 2001b+build3638 | cpe:/a:mirabilis:icq:2001b+build3638::: |
| mirabilis | icq | 2001b+build3636 | cpe:/a:mirabilis:icq:2001b+build3636::: |
Related
nvd
nvd
CVE-2003-0237
2003-05-27 04:00:00
cvelist
cvelist
CVE-2003-0237
2003-05-07 04:00:00
securityvulns
securityvulns
CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
2003-05-06 00:00:00
coresecurity
coresecurity
Multiple Vulnerabilities in Mirabilis ICQ Client
2003-05-05 00:00:00
nessus
nessus
ICQ < 2003b Multiple Vulnerabilities
2003-05-05 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
5.6
Confidence
High
EPSS
0.012
Percentile
85.4%
Related for CVE-2003-0237