Published: 18/08/2007 Updated: 15/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote malicious users to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ricardo mesquita ogg123 0.01
simon xmms2 1.1.3
mikachu l33t xmms music showing script 2.00
ricardo mesquita mpg123 0.01
kristof korwisi ixmmsa 0.3
tuomas jormola xmmsinfo 1.1.1.1
irssi irssi

NVD-CWE-Other http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html http://wouter.coekaerts.be/site/security/nowplaying http://www.securityfocus.com/bid/25281 http://secunia.com/advisories/26454 http://secunia.com/advisories/26455 http://secunia.com/advisories/26484 http://secunia.com/advisories/26485 http://secunia.com/advisories/26486 http://secunia.com/advisories/26487 http://secunia.com/advisories/26488 http://securityreason.com/securityalert/3036 http://osvdb.org/39575 http://osvdb.org/39574 https://exchange.xforce.ibmcloud.com/vulnerabilities/35985 http://www.securityfocus.com/archive/1/476283/100/0/threaded https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-4397

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect