CVE-2011-0487

Published: Jan 18, 2011Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.

Affected (1)

Products: Icq: Icq

Icq

1 product

Icq

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Icq Icq	Version 7

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (10)

http://osvdb.org/70486

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/680540

Source: cve@mitre.org

US Government Resource

http://www.securityfocus.com/archive/1/515724/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/45805

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/64711

Source: cve@mitre.org

http://osvdb.org/70486