ICQ强迫用户添加漏洞

漏洞信息详情

ICQ强迫用户添加漏洞

• CNNVD编号：CNNVD-200108-086
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2001-1305
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2001-08-17
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  mirabilis
• 漏洞来源：
  This vulnerability…

ICQ 2001a Alpha版本及之前版本存在漏洞。远程攻击者可以借助到带有应用/x-icq的Content-Type的网页的URL来自动添加任意UINs到ICQ用户的通讯录，该漏洞被Internet Explorer处理。

This issue has been addressed in later versions of ICQ by prompting the user whenever a contact is about to be added. It is not known exactly when this fix was incorporated into the client.

来源: XF
名称: icq-auto-add-user(7028)
链接:http://www.iss.net/security_center/static/7028.php

来源: BID
名称: 3226
链接:http://www.securityfocus.com/bid/3226

来源: BUGTRAQ
名称: 20010822 Hexyn / Securax Advisory #22 – ICQ Forced Auto-Add Users
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=99851887024728&w=2