CVE-2006-0765

GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs.

Published: Feb 18, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0765
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mirabilis / icq	2003b	2003b.x
mirabilis / icq	2003a	2003a.x
mirabilis / icq_lite	4.0	4.0.x
mirabilis / icq_lite	4.1	4.1.x

http://www.securityfocus.com/archive/1/425078/100/0/threaded
http://www.securityfocus.com/bid/16655

Vulnerability Database

CVE-2006-0765

Deep Security Visibility Without the Complexity