ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.
CVSS Score
9.3
EPSS Score
0.01
Published
2011-01-18