Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7070

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-7070
Last Modified 30 Jun 2010 07:46:03
Published 25 Aug 2009 06:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-7070

Summary

Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.

Vulnerable Systems

Application

  • Kvirc 3.4.2


References

XF - kvirc-multiple-uri-command-execution(46779)

BID - 32410

BUGTRAQ - 20081121 KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit

MILW0RM - 7181

MISC - http://retrogod.altervista.org/kvirc_342_cmd.html


Last Updated: 27 May 2016 10:49:26