CVE-2010-2785

Severity

65%

Complexity

80%

Confidentiality

106%

The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.

The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

Type

KVirc

First reported 14 years ago

2010-08-02 20:40:00

Last updated 14 years ago

2010-09-09 05:43:00

Affected Software

KVirc 3.0.0

3.0.0

KVirc 3.0.0 beta1

3.0.0

KVirc 3.0.0 beta2

3.0.0

KVirc 3.0.1

3.0.1

KVirc 3.4.0

3.4.0

KVirc 3.4.2

3.4.2

KVirc 3.4.2 release candidate 1

3.4.2

KVirc 4.0.0

4.0.0

KVirc 4.0.2

4.0.2

References

http://bugs.gentoo.org/show_bug.cgi?id=330111

FEDORA-2010-11506

FEDORA-2010-11524

SUSE-SR:2010:014

[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter

Patch

[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter

Patch

40727

Vendor Advisory

40796

Vendor Advisory

66648

https://svn.kvirc.de/kvirc/changeset/4693

Patch

https://svn.kvirc.de/kvirc/ticket/858

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.