CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
85.4%
The “ICQ Features on Demand” functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.
Vendor | Product | Version | CPE |
---|---|---|---|
mirabilis | icq | 99a+2.21build1800 | cpe:/a:mirabilis:icq:99a+2.21build1800::: |
mirabilis | icq | 2003a+build3800 | cpe:/a:mirabilis:icq:2003a+build3800::: |
mirabilis | icq | 2001a | cpe:/a:mirabilis:icq:2001a::: |
mirabilis | icq | 2000.0b+build3278 | cpe:/a:mirabilis:icq:2000.0b+build3278::: |
mirabilis | icq | 2001b+build3659 | cpe:/a:mirabilis:icq:2001b+build3659::: |
mirabilis | icq | 99a+2.15build1701 | cpe:/a:mirabilis:icq:99a+2.15build1701::: |
mirabilis | icq | 2003a+build3799 | cpe:/a:mirabilis:icq:2003a+build3799::: |
mirabilis | icq | 2003a+build3777 | cpe:/a:mirabilis:icq:2003a+build3777::: |
mirabilis | icq | 2001b+build3638 | cpe:/a:mirabilis:icq:2001b+build3638::: |
mirabilis | icq | 2001b+build3636 | cpe:/a:mirabilis:icq:2001b+build3636::: |