mirabilis 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk input validation、バッファオーバーフロー、vendor risk denial of service, and vendor risk cross-site scripting があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2006-5724 | Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key. | [email protected] | 2.1 | 0.17% | 2006-11-04 | 2026-04-23 |
| CVE-2006-4662 | Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type. | [email protected] | 7.5 | 15.09% | 2006-09-09 | 2026-04-16 |
| CVE-2006-2303 | Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object. | [email protected] | 6.4 | 0.76% | 2006-05-11 | 2026-04-16 |
| CVE-2006-0766 | ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly containing other modified properties such as company name, icon, and description, which could trick a user into executing arbitrary programs. | [email protected] | 5.1 | 0.16% | 2006-02-18 | 2026-04-16 |
| CVE-2006-0765 | GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs. | [email protected] | 5.1 | 0.16% | 2006-02-18 | 2026-04-16 |
| CVE-2005-3433 | Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields. | [email protected] | 5.1 | 0.84% | 2005-11-02 | 2026-04-16 |
| CVE-2003-0769 | Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field. | [email protected] | 4.3 | 0.69% | 2003-09-22 | 2026-04-16 |
| CVE-2003-0239 | icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor. | [email protected] | 5.0 | 1.28% | 2003-05-27 | 2026-04-16 |
| CVE-2003-0238 | The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag. | [email protected] | 5.0 | 1.12% | 2003-05-27 | 2026-04-16 |
| CVE-2003-0237 | The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack. | [email protected] | 7.5 | 1.43% | 2003-05-27 | 2026-04-16 |
| CVE-2003-0236 | Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers. | [email protected] | 7.5 | 4.89% | 2003-05-27 | 2026-04-16 |
| CVE-2003-0235 | Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command. | [email protected] | 7.5 | 0.91% | 2003-05-27 | 2026-04-16 |
| CVE-2002-2329 | ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons. | [email protected] | 7.8 | 1.00% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2075 | ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number. | [email protected] | 5.0 | 1.17% | 2002-12-31 | 2026-04-16 |
| CVE-2002-1773 | Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request. | [email protected] | 7.5 | 26.43% | 2002-12-31 | 2026-04-16 |
| CVE-2002-1743 | AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of service (crash) via a malformed .hpf file. | [email protected] | 5.0 | 1.10% | 2002-12-31 | 2026-04-16 |
| CVE-2002-0254 | ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails. | [email protected] | 5.0 | 0.97% | 2002-05-29 | 2026-04-16 |
| CVE-2002-0028 | Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request. | [email protected] | 7.5 | 11.66% | 2002-02-27 | 2026-04-16 |
| CVE-2001-1305 | ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer. | [email protected] | 5.0 | 0.52% | 2001-08-17 | 2026-04-16 |
| CVE-2001-0367 | Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters. | [email protected] | 5.0 | 0.58% | 2001-06-27 | 2026-04-16 |