America Online ICQ ActiveX Control Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of AOL ICQ. User interaction is not required to exploit this vulnerability. The specific flaw exists in the DownloadAgent function of the ICQPhone.SipxPhoneManager ActiveX control with the following CLSID:...

CVE-2001-1305

ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer...