Lucene search

[email protected]CVE-2008-2841

HistoryJun 24, 2008 - 7:41 p.m.

CVE-2008-2841

2008-06-2419:41:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-2841

xchat

windows

internet explorer

remote attackers

arbitrary commands

ircs uri

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.185 Low

EPSS

Percentile

96.3%

JSON

Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.

Affected configurations

NVD

Node

microsoftwindows_nt

AND

microsoftinternet_explorer

xchatxchatRange≤2.8.7b

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq*
xchat:xchatxchatle2.8.7b

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	*
xchat:xchat	xchat	le	2.8.7b

References

forum.xchat.org/viewtopic.php?t=4218

secunia.com/advisories/30695

www.securityfocus.com/bid/29696

exchange.xforce.ibmcloud.com/vulnerabilities/43065

www.exploit-db.com/exploits/5795

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.185 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2008-2841

prion1 cvelist1 debiancve1 ubuntucve1 nvd1