Signature Detail
Short Name |
HTTP:STC:ACTIVEX:ICQPHONE-EXEC |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
ICQPhone SipxPhoneManager ActiveX Arbitrary Code Execution |
Release Date |
2006/11/20 |
Update Number |
1213 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: ICQPhone SipxPhoneManager ActiveX Arbitrary Code Execution
This signature detects attempts to exploit a known vulnerability against the ICQ ICQPhone SipxPhoneManager ActiveX Control. ICQ version 5.1 is vulnerable. Successful attackers can execute remote code in the context of the logged in user.
Extended Description
The America Online ICQ ActiveX Control is prone to a remote code-execution vulnerability. An attacker could exploit this issue simply by sending a message to a victim ICQ user. Successful exploits could allow the attacker to execute arbitrary code. The ICQPhone.SipxPhoneManager ActiveX control with the following CLSID is affected: 54BDE6EC-F42F-4500-AC46-905177444300
Affected Products
- ICQ Inc. ICQ 5.1
References
- BugTraq: 20930
- CVE: CVE-2006-5650
- URL: http://securitytracker.com/alerts/2006/Nov/1017163.html