Lucene search

K
cve[email protected]CVE-2003-0237
HistoryMay 27, 2003 - 4:00 a.m.

CVE-2003-0237

2003-05-2704:00:00
web.nvd.nist.gov
26
icq
pro
2003a
software
upgrade
authenticity
remote attackers
arbitrary software
spoofing attack

5.6 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.3%

The β€œICQ Features on Demand” functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.

Affected configurations

NVD
Node
mirabilisicqMatch99a_2.15build1701
OR
mirabilisicqMatch99a_2.21build1800
OR
mirabilisicqMatch2000.0a
OR
mirabilisicqMatch2000.0b_build3278
OR
mirabilisicqMatch2001a
OR
mirabilisicqMatch2001b_build3636
OR
mirabilisicqMatch2001b_build3638
OR
mirabilisicqMatch2001b_build3659
OR
mirabilisicqMatch2002a_build3722
OR
mirabilisicqMatch2002a_build3727
OR
mirabilisicqMatch2003a_build3777
OR
mirabilisicqMatch2003a_build3799
OR
mirabilisicqMatch2003a_build3800

5.6 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.3%