Lucene search

FlexeraCVE-2007-2951

HistoryJun 26, 2007 - 6:30 p.m.

CVE-2007-2951

2007-06-2618:30:00

flexera

web.nvd.nist.gov

cve

kvirc

remote execution

shell metacharacters

irc protocol

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.03

Percentile

91.1%

JSON

The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.

Affected configurations

Nvd

Node

kvircirc_clientMatch3.2.0

VendorProductVersionCPE
kvircirc_client3.2.0cpe:2.3:a:kvirc:irc_client:3.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kvirc	irc_client	3.2.0	cpe:2.3:a:kvirc:irc_client:3.2.0:::::::*

References

osvdb.org/37604

secunia.com/advisories/25740

secunia.com/advisories/26813

secunia.com/secunia_research/2007-56/advisory/

security.gentoo.org/glsa/glsa-200709-02.xml

www.novell.com/linux/security/advisories/2007_15_sr.html

www.securityfocus.com/archive/1/472441/100/0/threaded

www.securityfocus.com/bid/24652

www.vupen.com/english/advisories/2007/2334

exchange.xforce.ibmcloud.com/vulnerabilities/35087

svn.kvirc.de/kvirc/changeset/630/#file3

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.03

Percentile

91.1%

JSON

Related for CVE-2007-2951