ICQ 7 Instant Messaging Client RCE Vulnerability

ICQ is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Code injection

ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism...

ICQ 7 Failed Origin Check

SUMMARY The ICQ 7 instant messaging client allows remote code execution due to a flaw in its automatic update mechanism. VULNERABLE APPLICATIONS All versions of ICQ 7 for Windows, up to version 7.2, build 3525 which is the current version ICQ 6 and older versions were not tested. Other ICQ client...

Mozilla Plugs Drive-By Download Holes in Firefox

Mozilla has released a new version of its flagship Firefox browser to fix 10 vulnerabilities that put Web surfers at risk of code execution attacks. The Firefox 3.5.3 update — available for Windows, Mac and Linux users — patches security holes that could allow drive-by download attacks if a user...