Mirabilis ICQ 2000.0 A Mailclient Temporary Link Vulnerability

2000-06-06T00:00:00
ID EDB-ID:19993
Type exploitdb
Reporter Gert Fokkema
Modified 2000-06-06T00:00:00

Description

Mirabilis ICQ 2000.0 A Mailclient Temporary Link Vulnerability. CVE-2000-0552. Local exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/1307/info

While using ICQmailclient, the user creates a temporary internet link created in a default temporary directory, which remains even after the user signs out or closes ICQ. This link may be re-opened by another user, thus giving them full access to the ICQmail webaccount. 

The temporary link can be found in the default temp file (eg. c:\temp) and appears as:
http://cf.icq.com/cgi-bin/icqmail/write.pl5?uname=username&pwd=12345678