CVE-2006-5650 Information

Description

The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function as demonstrated using an ICQ avatar.

Reference

http://secunia.com/advisories/22670 http://securityreason.com/securityalert/1830 http://securitytracker.com/id?1017163 http://www.securityfocus.com/archive/1/450726/100/0/threaded http://www.securityfocus.com/bid/20930 http://www.vupen.com/english/advisories/2006/4362 http://www.zerodayinitiative.com/advisories/ZDI-06-037.html https://exchange.xforce.ibmcloud.com/vulnerabilities/30059