CVE-2006-4662: Buffer Overflow
First published: Sat Sep 09 2006(Updated: )
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CenterICQ | =0.99b_1.1.1.1 | |
| CenterICQ | =0.99b_v.3.19 | |
| CenterICQ | =98.0a | |
| CenterICQ | =99a_2.15build1701 | |
| CenterICQ | =99a_2.21build1800 | |
| CenterICQ | =2000.0a | |
| CenterICQ | =2000.0b_build3278 | |
| CenterICQ | =2001a | |
| CenterICQ | =2001b_build3636 | |
| CenterICQ | =2001b_build3638 | |
| CenterICQ | =2001b_build3659 | |
| CenterICQ | =2002a_build3722 | |
| CenterICQ | =2002a_build3727 | |
| CenterICQ | =2003a | |
| CenterICQ | =2003a_build3777 | |
| CenterICQ | =2003a_build3799 | |
| CenterICQ | =2003a_build3800 | |
| CenterICQ | =2003b | |
| CenterICQ | =2003b_build3096 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509
- http://www.securityfocus.com/bid/19897
- http://www.kb.cert.org/vuls/id/400780
- http://secunia.com/advisories/21834
- http://securityreason.com/securityalert/1530
- http://www.vupen.com/english/advisories/2006/3527
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28835
- http://www.securityfocus.com/archive/1/445513/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-4662?
CVE-2006-4662 has a critical severity rating due to the ability of remote attackers to execute arbitrary code.
How do I fix CVE-2006-4662?
To fix CVE-2006-4662, upgrade to a version of AOL ICQ Pro that is beyond 2003b Build 3916.
What type of vulnerability is CVE-2006-4662?
CVE-2006-4662 is a heap-based buffer overflow vulnerability.
Who is affected by CVE-2006-4662?
CVE-2006-4662 affects users of AOL ICQ Pro 2003b Build 3916 and earlier versions.
Can CVE-2006-4662 be exploited remotely?
Yes, CVE-2006-4662 can be exploited remotely by attackers sending specially crafted messages.
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mirabilis
- canonical/centericq
- version/centericq/0.99b_1.1.1.1
- version/centericq/0.99b_v.3.19
- version/centericq/98.0a
- version/centericq/99a_2.15build1701
- version/centericq/99a_2.21build1800
- version/centericq/2000.0a
- version/centericq/2000.0b_build3278
- version/centericq/2001a
- version/centericq/2001b_build3636
- version/centericq/2001b_build3638
- version/centericq/2001b_build3659
- version/centericq/2002a_build3722
- version/centericq/2002a_build3727
- version/centericq/2003a
- version/centericq/2003a_build3777
- version/centericq/2003a_build3799
- version/centericq/2003a_build3800
- version/centericq/2003b
- version/centericq/2003b_build3096