Description
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
Affected products
- AOL / icq5.1 – 5.1
References
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/30059
- MISChttp://securityreason.com/securityalert/1830
- VENDOR_ADVISORYhttp://www.zerodayinitiative.com/advisories/ZDI-06-037.html
- MISChttp://securitytracker.com/id?1017163
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/4362
- MISChttp://www.securityfocus.com/archive/1/450726/100/0/threaded
- VENDOR_ADVISORYhttp://secunia.com/advisories/22670
- MISChttp://www.securityfocus.com/bid/20930