Follow @discotekdotca
CVE-2003-0237
Current Description
The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.
Basic Data
| Published | May 27, 2003 |
|---|---|
| Last Modified | July 11, 2017 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | NVD-CWE-Other |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | LOW |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | PARTIAL |
| CVSS 2 - Availability Impact | PARTIAL |
| CVSS 2 - Base Score | 7.5 |
| Severity | HIGH |
| Exploitability Score | 10.0 |
| Impact Score | 6.4 |
| Obtain All Privilege | false |
| Obtain User Privilege | false |
| Obtain Other Privilege | true |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Mirabilis Icq 99a_2.15build1701 * * * * * * * � � � � 2.3 Application Mirabilis Icq 99a_2.21build1800 * * * * * * * � � � � 2.3 Application Mirabilis Icq 2000.0a * * * * * * * � � � � 2.3 Application Mirabilis Icq 2000.0b_build3278 * * * * * * * � � � � 2.3 Application Mirabilis Icq 2001a * * * * * * * � � � � 2.3 Application Mirabilis Icq 2001b_build3636 * * * * * * * � � � � 2.3 Application Mirabilis Icq 2001b_build3638 * * * * * * * � � � � 2.3 Application Mirabilis Icq 2001b_build3659 * * * * * * * � � � � 2.3 Application Mirabilis Icq 2002a_build3722 * * * * * * * � � � � 2.3 Application Mirabilis Icq 2002a_build3727 * * * * * * * � � � � 2.3 Application Mirabilis Icq 2003a_build3777 * * * * * * * � � � � 2.3 Application Mirabilis Icq 2003a_build3799 * * * * * * * � � � � 2.3 Application Mirabilis Icq 2003a_build3800 * * * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Mirabilis | Icq | 2000.0a, 2000.0b_build3278, 2001a, 2001b_build3636, 2001b_build3638, 2001b_build3659, 2002a_build3722, 2002a_build3727, 2003a_build3777, 2003a_build3799, 2003a_build3800, 99a_2.15build1701, 99a_2.21build1800 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| 20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client | http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html | VULNWATCH | |
| 20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client | http://marc.info/?l=bugtraq&m=105216842131995&w=2 | BUGTRAQ | |
| http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10 | http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10 | MISC | Vendor Advisory |
| 7464 | http://www.securityfocus.com/bid/7464 | BID | Patch Vendor Advisory |
| icq-features-no-auth(11944) | https://exchange.xforce.ibmcloud.com/vulnerabilities/11944 | XF |