| ID |
CVE-2010-2785
|
| Summary |
The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:kvirc:kvirc:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:kvirc:kvirc:3.0.0:*:*:*:*:*:*:*
-
cpe:2.3:a:kvirc:kvirc:3.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:kvirc:kvirc:3.0.0:beta1:*:*:*:*:*:*
-
cpe:2.3:a:kvirc:kvirc:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:kvirc:kvirc:3.0.0:beta2:*:*:*:*:*:*
-
cpe:2.3:a:kvirc:kvirc:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:kvirc:kvirc:3.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:kvirc:kvirc:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:kvirc:kvirc:3.4.0:*:*:*:*:*:*:*
-
cpe:2.3:a:kvirc:kvirc:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:kvirc:kvirc:3.4.2:*:*:*:*:*:*:*
-
cpe:2.3:a:kvirc:kvirc:3.4.2:rc1:*:*:*:*:*:*
cpe:2.3:a:kvirc:kvirc:3.4.2:rc1:*:*:*:*:*:*
-
cpe:2.3:a:kvirc:kvirc:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:kvirc:kvirc:4.0.0:*:*:*:*:*:*:*
-
cpe:2.3:a:kvirc:kvirc:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:kvirc:kvirc:4.0.2:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 6.5 (as of 09-09-2010 - 05:43) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
SINGLE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| refmap
via4
|
| confirm | | | fedora | - FEDORA-2010-11506
- FEDORA-2010-11524
| | mlist | - [oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter
- [oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter
| | osvdb | 66648 | | secunia | | | suse | SUSE-SR:2010:014 |
|
| Last major update |
09-09-2010 - 05:43 |
| Published |
02-08-2010 - 20:40 |
| Last modified |
09-09-2010 - 05:43 |
