Lucene search

[email protected]CVE-2008-1920

HistoryApr 23, 2008 - 1:05 p.m.

CVE-2008-1920

2008-04-2313:05:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-1920

buffer overflow

icq

personal status manager

remote code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

High

0.158 Low

EPSS

Percentile

96.0%

JSON

Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message.

Affected configurations

NVD

Node

icqmirabilis_icqMatch6.0

CPENameOperatorVersion
icq:mirabilis_icqicq mirabilis icqeq6.0

CPE	Name	Operator	Version
icq:mirabilis_icq	icq mirabilis icq	eq	6.0

References

secunia.com/advisories/29821

www.infigo.hr/en/in_focus/advisories/INFIGO-2008-04-08

www.securityfocus.com/archive/1/490921/100/0/threaded

www.securityfocus.com/bid/28803

www.vupen.com/english/advisories/2008/1299/references

exchange.xforce.ibmcloud.com/vulnerabilities/41852

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

High

0.158 Low

EPSS

Percentile

96.0%

JSON

Related for CVE-2008-1920

prion1 cvelist1 nvd1