CVE-2003-0237

The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.

Published: May 27, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0237
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mirabilis / icq	2001b_build3636	2001b_build3636.x
mirabilis / icq	2003a_build3777	2003a_build3777.x
mirabilis / icq	99a_2.21build1800	99a_2.21build1800.x
mirabilis / icq	2002a_build3722	2002a_build3722.x
mirabilis / icq	99a_2.15build1701	99a_2.15build1701.x
mirabilis / icq	2001a	2001a.x
mirabilis / icq	2002a_build3727	2002a_build3727.x
mirabilis / icq	2003a_build3799	2003a_build3799.x
mirabilis / icq	2001b_build3638	2001b_build3638.x
mirabilis / icq	2003a_build3800	2003a_build3800.x
mirabilis / icq	2000.0a	2000.0a.x
mirabilis / icq	2000.0b_build3278	2000.0b_build3278.x
mirabilis / icq	2001b_build3659	2001b_build3659.x

Vulnerability Database

290,206

CVE-2003-0237