CVE-2006-4662
UnknownEPSS 6.15%
Last modified
CVE-2006-4662 is a vulnerability of currently unknown severity. Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.. EPSS estimates a 6.15% chance of exploitation in the next 30 days.
Description
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mirabilis | Icq | 0.99b_1.1.1.1 |
| Mirabilis | Icq | 0.99b_v.3.19 |
| Mirabilis | Icq | 98.0a |
| Mirabilis | Icq | 99a_2.15build1701 |
| Mirabilis | Icq | 99a_2.21build1800 |
| Mirabilis | Icq | 2000.0a |
| Mirabilis | Icq | 2000.0b_build3278 |
| Mirabilis | Icq | 2001a |
| Mirabilis | Icq | 2001b_build3636 |
| Mirabilis | Icq | 2001b_build3638 |
| Mirabilis | Icq | 2001b_build3659 |
| Mirabilis | Icq | 2002a_build3722 |
| Mirabilis | Icq | 2002a_build3727 |
| Mirabilis | Icq | 2003a |
| Mirabilis | Icq | 2003a_build3777 |
| Mirabilis | Icq | 2003a_build3799 |
| Mirabilis | Icq | 2003a_build3800 |
| Mirabilis | Icq | 2003b |
| Mirabilis | Icq | 2003b_build3096 |
References
- http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509Patch, Vendor Advisory
- http://www.kb.cert.org/vuls/id/400780US Government Resource
- http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1509Patch, Vendor Advisory
- http://www.kb.cert.org/vuls/id/400780US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-4662?
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
How severe is CVE-2006-4662?
Severity scoring for CVE-2006-4662 is pending analysis. The EPSS model estimates a 6.15% probability of exploitation in the next 30 days.
How do I fix CVE-2006-4662?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2006-4662?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST