Lucene search
HistoryMay 27, 2003 - 4:00 a.m.
CVE-2003-0237
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.012
Percentile
85.4%
The “ICQ Features on Demand” functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.
Affected configurations
Node
mirabilisicqMatch99a_2.15build1701
ORmirabilisicqMatch99a_2.21build1800
ORmirabilisicqMatch2000.0a
ORmirabilisicqMatch2000.0b_build3278
ORmirabilisicqMatch2001a
ORmirabilisicqMatch2001b_build3636
ORmirabilisicqMatch2001b_build3638
ORmirabilisicqMatch2001b_build3659
ORmirabilisicqMatch2002a_build3722
ORmirabilisicqMatch2002a_build3727
ORmirabilisicqMatch2003a_build3777
ORmirabilisicqMatch2003a_build3799
ORmirabilisicqMatch2003a_build3800
Related
cve
cve
CVE-2003-0237
2003-05-27 04:00:00
cvelist
cvelist
CVE-2003-0237
2003-05-07 04:00:00
coresecurity
coresecurity
Multiple Vulnerabilities in Mirabilis ICQ Client
2003-05-05 00:00:00
securityvulns
securityvulns
CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
2003-05-06 00:00:00
nessus
nessus
ICQ < 2003b Multiple Vulnerabilities
2003-05-05 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.012
Percentile
85.4%
Related for NVD:CVE-2003-0237