CVE-2006-5650 - The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to d

CVE-2006-5650

Summary

The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.

References

Vulnerable Configurations

cpe:2.3:a:aol:icq:5.1:*:*:*:*:*:*:*
cpe:2.3:a:aol:icq:5.1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:44)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	20930
bugtraq	20061106 ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability
misc	http://www.zerodayinitiative.com/advisories/ZDI-06-037.html
sectrack	1017163
secunia	22670
sreason	1830
vupen	ADV-2006-4362
xf	aol-icq-code-execution(30059)

saint via4

bid	20930
description	AOL ICQ ActiveX DownloadAgent vulnerability
id	misc_aol_icqphone
osvdb	30220
title	aol_icq_downloadagent
type	client

Last major update

17-10-2018 - 21:44

Published

07-11-2006 - 19:07

Last modified

17-10-2018 - 21:44