CVE-2003-0235 | Vulnerability Database | Aqua Security

Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command.

Affected Software

Name	Vendor	Start Version	End Version
Icq	Mirabilis	99a_2.15build1701 (including)	99a_2.15build1701 (including)
Icq	Mirabilis	99a_2.21build1800 (including)	99a_2.21build1800 (including)
Icq	Mirabilis	2000.0a (including)	2000.0a (including)
Icq	Mirabilis	2000.0b_build3278 (including)	2000.0b_build3278 (including)
Icq	Mirabilis	2001a (including)	2001a (including)
Icq	Mirabilis	2001b_build3636 (including)	2001b_build3636 (including)
Icq	Mirabilis	2001b_build3638 (including)	2001b_build3638 (including)
Icq	Mirabilis	2001b_build3659 (including)	2001b_build3659 (including)
Icq	Mirabilis	2002a_build3722 (including)	2002a_build3722 (including)
Icq	Mirabilis	2002a_build3727 (including)	2002a_build3727 (including)
Icq	Mirabilis	2003a_build3777 (including)	2003a_build3777 (including)
Icq	Mirabilis	2003a_build3799 (including)	2003a_build3799 (including)
Icq	Mirabilis	2003a_build3800 (including)	2003a_build3800 (including)

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
http://marc.info/?l=bugtraq\u0026m=105216842131995\u0026w=2
http://www.coresecurity.com/common/showdoc.php?idx=315\u0026idxseccion=10
http://www.securityfocus.com/bid/7461
https://exchange.xforce.ibmcloud.com/vulnerabilities/11938

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0235
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html