CVE-2006-0766

ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly containing other modified properties such as company name, icon, and description, which could trick a user into executing arbitrary programs.

Published: Feb 18, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0766
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mirabilis / icq	2003b	2003b.x
mirabilis / icq	2003a	2003a.x
mirabilis / icq_lite	4.0	4.0.x
mirabilis / icq_lite	4.1	4.1.x

http://www.securityfocus.com/archive/1/425078/100/0/threaded
http://www.securityfocus.com/bid/16655

Vulnerability Database

CVE-2006-0766

Deep Security Visibility Without the Complexity