header-logo
Suggest Exploit
vendor:
ICQ
by:
Unknown
7.5
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: ICQ
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

ICQ Sound Scheme File Remote Modification Vulnerability

ICQ is an instant messenger client for Microsoft Windows systems. ICQ includes support for sound schemes. ICQ sound scheme files are generally given the .scm extension. Reportedly, it is possible for a remote party to modify sound settings in ICQ by forcing a vulnerable user to access a blank .scm file. Allegedly, this may be done if the user views maliciously formatted HTML under some browsers. The HTML must reference a sound scheme file within an IFRAME tag.

Mitigation:

Users should avoid accessing untrusted HTML documents.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5239/info

ICQ is an instant messenger client for Microsoft Windows systems. ICQ includes support for sound schemes. ICQ sound scheme files are generally given the .scm extension.

Reportedly, it is possible for a remote party to modify sound settings in ICQ by forcing a vulnerable user to access a blank .scm file. Allegedly, this may be done if the user views maliciously formatted HTML under some browsers. The HTML must reference a sound scheme file within an IFRAME tag. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21618.scm

Navigation

Suggest Exploit

Services By CQR