CVE-2003-0237 | Vulnerability Database | Aqua Security

The ICQ Features on Demand functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.

Affected Software

Name	Vendor	Start Version	End Version
Icq	Mirabilis	99a_2.15build1701	99a_2.15build1701
Icq	Mirabilis	99a_2.21build1800	99a_2.21build1800
Icq	Mirabilis	2000.0a	2000.0a
Icq	Mirabilis	2000.0b_build3278	2000.0b_build3278
Icq	Mirabilis	2001a	2001a
Icq	Mirabilis	2001b_build3636	2001b_build3636
Icq	Mirabilis	2001b_build3638	2001b_build3638
Icq	Mirabilis	2001b_build3659	2001b_build3659
Icq	Mirabilis	2002a_build3722	2002a_build3722
Icq	Mirabilis	2002a_build3727	2002a_build3727
Icq	Mirabilis	2003a_build3777	2003a_build3777
Icq	Mirabilis	2003a_build3799	2003a_build3799
Icq	Mirabilis	2003a_build3800	2003a_build3800

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
http://marc.info/?l=bugtraq\u0026m=105216842131995\u0026w=2
http://www.coresecurity.com/common/showdoc.php?idx=315\u0026idxseccion=10
http://www.securityfocus.com/bid/7464
https://exchange.xforce.ibmcloud.com/vulnerabilities/11944

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0237
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html