GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote malicious users to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mirabilis icq lite 4.1 |
||
mirabilis icq 2003b |
||
mirabilis icq lite 4.0 |
||
mirabilis icq 2003a |