ID CVE-2007-2951
Summary The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.
References
Vulnerable Configurations
  • cpe:2.3:a:kvirc:irc_client:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:kvirc:irc_client:3.2.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 16-10-2018 - 16:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 24652
bugtraq 20070628 Secunia Research: KVIrc irc:// URI Handler Command ExecutionVulnerability
confirm https://svn.kvirc.de/kvirc/changeset/630/#file3
gentoo GLSA-200709-02
misc http://secunia.com/secunia_research/2007-56/advisory/
osvdb 37604
secunia
  • 25740
  • 26813
suse SUSE-SR:2007:015
vupen ADV-2007-2334
xf kvirc-parseircurl-command-execution(35087)
Last major update 16-10-2018 - 16:46
Published 26-06-2007 - 18:30
Back to Top