ICQ is an instant messenger client for Microsoft Windows systems. ICQ includes support for sound schemes. ICQ sound scheme files are generally given the .scm extension.
When installed, a sound scheme places a number of wav sound files in a predictable location within the installation directory of ICQ.
An attacker may exploit this vulnerability to place malicious content in a known location. A URL reference to the file may then cause malicious content or code to be executed within local context.
Remote: Yes
Exploit: An exploit has been provided by "Jelmer" . This exploit will run arbitrary code on vulnerable systems, and should be treated appropriately.
http://www.xs4all.nl/~jkuperus/icq/icq.htm