2011-01-18 17:00:00
mitre
PUBLISHED
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.