AOL Instant Messenger up to 5.1 ICQPhone.SipxPhoneManager memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.4 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical was found in AOL Instant Messenger up to 5.1. This impacts an unknown function of the component ICQPhone.SipxPhoneManager. Such manipulation leads to memory corruption. This vulnerability is referenced as CVE-2006-5650. Furthermore, an exploit is available. Upgrading the affected component is advised.
Details
A vulnerability was found in AOL Instant Messenger up to 5.1 (Messaging Software) and classified as critical. Affected by this issue is an unknown function of the component ICQPhone.SipxPhoneManager. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
The bug was discovered 09/20/2006. The weakness was published 11/06/2006 by Peter Vreugdenhil (Agent) with zerodayinitiative.com (Website). The advisory is shared for download at zerodayinitiative.com. The public release has been coordinated with the vendor. This vulnerability is handled as CVE-2006-5650 since 11/02/2006. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are unknown but a public exploit is available.
The exploit is available at saintcorporation.com. It is declared as highly functional. The vulnerability was handled as a non-public zero-day exploit for at least 41 days. During that time the estimated underground price was around $25k-$100k.
Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at icq.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published even before and not after the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 9814. In this case the pattern 54BDE6EC-F42F-4500-AC46-905177444300 is used for detection. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 4725. The filter is assigned to the category Vulnerabilities.
The vulnerability is also documented in the databases at X-Force (30059), SecurityFocus (BID 20930†), OSVDB (30220†), Secunia (SA22670†) and SecurityTracker (ID 1017163†). Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.aol.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 6.4
VulDB Base Score: 7.3
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Highly functional
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Saint ID: exploit_info/aol_icq_downloadagent
Saint Name: AOL ICQ ActiveX DownloadAgent vulnerability
MetaSploit ID: aol_icq_downloadagent.rb
MetaSploit Name: America Online ICQ ActiveX Control Arbitrary File Download and Execute
MetaSploit File: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Patch: icq.com
Snort ID: 9814
Snort Message: WEB-ACTIVEX ICQPhone.SipxPhoneManager ActiveX clsid access
Snort Pattern: 🔍
TippingPoint: 🔍
TippingPoint Title: 🔍
TippingPoint Category: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
SourceFire IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
09/20/2006 🔍10/31/2006 🔍
11/02/2006 🔍
11/06/2006 🔍
11/06/2006 🔍
11/06/2006 🔍
11/06/2006 🔍
11/06/2006 🔍
11/06/2006 🔍
11/07/2006 🔍
11/07/2006 🔍
07/12/2011 🔍
04/26/2026 🔍
Sources
Vendor: aol.comAdvisory: zerodayinitiative.com
Researcher: Peter Vreugdenhil (Agent)
Organization: zerodayinitiative.com
Status: Confirmed
Coordinated: 🔍
CVE: CVE-2006-5650 (🔍)
GCVE (CVE): GCVE-0-2006-5650
GCVE (VulDB): GCVE-100-2660
X-Force: 30059 - America Online (AOL) ICQPhone.SipxPhoneManager ActiveX control code execution, High Risk
SecurityFocus: 20930 - America Online ICQ ActiveX Control Remote Code Execution Vulnerability
Secunia: 22670 - ICQ ICQPhone.SipxPhoneManager ActiveX Control Vulnerability, Highly Critical
OSVDB: 30220 - ICQ ICQPhone.SipxPhoneManager ActiveX Control DownloadAgent Function Arbitrary Code Execution
SecurityTracker: 1017163 - AOL ICQ DownloadAgent() Function Lets Remote Users Execute Arbitrary Code
Vulnerability Center: 32225 - America Online ICQ 5.1 Remote Arbitrary Code Execution Vulnerability via the DownloadAgent Function, High
Vupen: ADV-2006-4362
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 11/07/2006 10:30Updated: 04/26/2026 20:00
Changes: 11/07/2006 10:30 (104), 03/27/2017 09:16 (7), 04/26/2026 20:00 (17)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.