ICQ is an instant messenger client for Microsoft Windows systems. ICQ includes support for sound schemes. ICQ sound scheme files are generally given the .scm extension.

When installed, a sound scheme places a number of wav sound files in a predictable location within the installation directory of ICQ.

An attacker may exploit this vulnerability to place malicious content in a known location. A URL reference to the file may then cause malicious content or code to be executed within local context.

Remote: Yes

Exploit: An exploit has been provided by "Jelmer" . This exploit will run arbitrary code on vulnerable systems, and should be treated appropriately.

http://www.xs4all.nl/~jkuperus/icq/icq.htm