CVE-2008-7070

Published: 25/08/2009 Updated: 11/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote malicious users to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.

Vulnerable Product

kvirc kvirc 3.4.2

Exploits

<!-- KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit by Nine:Situations:Group::strawdog Tested against IE8beta/WINxpsp3 software site: www.kvirc.net/?lang=en description: "KVIrc is a Multilanguage, graphical IRC-Client for Windows, Linux, Unix and Mac OS[]" A command line parsing vulnerability exists (or I should say ...