header-logo
Suggest Exploit
vendor:
ICQmailclient
by:
SecurityFocus
7.5
CVSS
HIGH
Unauthorized Access
284
CWE
Product Name: ICQmailclient
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

ICQmailclient Vulnerability

When using ICQmailclient, a user creates a temporary internet link in a default temporary directory, which remains even after the user signs out or closes ICQ. This link can be re-opened by another user, thus giving them full access to the ICQmail webaccount. The temporary link can be found in the default temp file (eg. c:emp) and appears as: http://cf.icq.com/cgi-bin/icqmail/write.pl5?uname=username&pwd=12345678

Mitigation:

Ensure that the temporary internet link is deleted after the user signs out or closes ICQ.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1307/info

While using ICQmailclient, the user creates a temporary internet link created in a default temporary directory, which remains even after the user signs out or closes ICQ. This link may be re-opened by another user, thus giving them full access to the ICQmail webaccount. 

The temporary link can be found in the default temp file (eg. c:\temp) and appears as:
http://cf.icq.com/cgi-bin/icqmail/write.pl5?uname=username&pwd=12345678

Navigation

Suggest Exploit

Services By CQR