America Online ICQ ActiveX Control DownloadAgent Function Code Execution (CVE-2006-5650)

The AOL ICQ product is a messaging application widely used by home users and in small to medium size companies. The messenger application ships with various extra features in addition to its regular function of text message exchanges. One such feature introduced in the ICQ clients is the ability ...

AOL ICQ ActiveX DownloadAgent vulnerability

Added: 12/15/2006 CVE: CVE-2006-5650 BID: 20930 OSVDB: 30220 Background America Online AOL ICQ is a widely used program for communicating with other users on the Internet. Problem The ICQPhone.SipxPhoneManager ActiveX control, which is installed with ICQ, includes a function called DownloadAgent...

AOL ICQ ActiveX DownloadAgent vulnerability

Added: 12/15/2006 CVE: CVE-2006-5650 BID: 20930 OSVDB: 30220 Background America Online AOL ICQ is a widely used program for communicating with other users on the Internet. Problem The ICQPhone.SipxPhoneManager ActiveX control, which is installed with ICQ, includes a function called DownloadAgent...

AOL ICQ ActiveX DownloadAgent vulnerability

Added: 12/15/2006 CVE: CVE-2006-5650 BID: 20930 OSVDB: 30220 Background America Online AOL ICQ is a widely used program for communicating with other users on the Internet. Problem The ICQPhone.SipxPhoneManager ActiveX control, which is installed with ICQ, includes a function called DownloadAgent...

AOL ICQ ActiveX DownloadAgent vulnerability

Added: 12/15/2006 CVE: CVE-2006-5650 BID: 20930 OSVDB: 30220 Background America Online AOL ICQ is a widely used program for communicating with other users on the Internet. Problem The ICQPhone.SipxPhoneManager ActiveX control, which is installed with ICQ, includes a function called DownloadAgent...

CVE-2006-5650

The CVE-2006-5650 vulnerability affects AOL ICQ 5.1 via the ICQPhone.SipxPhoneManager ActiveX control. The flaw resides in the DownloadAgent function, which downloads a file from a given URL and executes it, enabling a remote attacker to run arbitrary code on the victim’s system (in the context o...

CVE-2006-5650

The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar...

America Online ICQ ActiveX Control Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of AOL ICQ. User interaction is not required to exploit this vulnerability. The specific flaw exists in the DownloadAgent function of the ICQPhone.SipxPhoneManager ActiveX control with the following CLSID:...

[Full-disclosure] ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability

ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-037.html November 6, 2006 -- CVE ID: CVE-2006-5650 -- Affected Vendor: America Online -- Affected Products: America Online ICQ 5.1 -- TippingPointTM IPS Customer...