America Online ICQ ActiveX Control Remote Code Execution Vulnerability
BID:20930
Info
America Online ICQ ActiveX Control Remote Code Execution Vulnerability
| Bugtraq ID: | 20930 |
| Class: | Design Error |
| CVE: |
CVE-2006-5650 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 06 2006 12:00AM |
| Updated: | Mar 19 2015 09:44AM |
| Credit: | Peter Vreugdenhil is credited with the discovery of this vulnerability. |
| Vulnerable: |
ICQ Inc. ICQ 5.1 |
| Not Vulnerable: | |
Discussion
America Online ICQ ActiveX Control Remote Code Execution Vulnerability
The America Online ICQ ActiveX Control is prone to a remote code-execution vulnerability.
An attacker could exploit this issue simply by sending a message to a victim ICQ user. Successful exploits could allow the attacker to execute arbitrary code.
The ICQPhone.SipxPhoneManager ActiveX control with the following CLSID is affected:
54BDE6EC-F42F-4500-AC46-905177444300
The America Online ICQ ActiveX Control is prone to a remote code-execution vulnerability.
An attacker could exploit this issue simply by sending a message to a victim ICQ user. Successful exploits could allow the attacker to execute arbitrary code.
The ICQPhone.SipxPhoneManager ActiveX control with the following CLSID is affected:
54BDE6EC-F42F-4500-AC46-905177444300
Exploit / POC
America Online ICQ ActiveX Control Remote Code Execution Vulnerability
The following exploit code is added;
The following exploit code is added;
Solution / Fix
America Online ICQ ActiveX Control Remote Code Execution Vulnerability
Solution:
The vendor has released a fix, which is automatically applied when connecting to the America Online ICQ service.
Solution:
The vendor has released a fix, which is automatically applied when connecting to the America Online ICQ service.
References
America Online ICQ ActiveX Control Remote Code Execution Vulnerability
References:
References: