← back
CVE-2008-7070

CVE-2008-7070

EPSS 5.1%
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/7181unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://retrogod.altervista.org/kvirc_342_cmd.htmlhttp://secunia.com/advisories/32410https://exchange.xforce.ibmcloud.com/vulnerabilities/46779https://www.exploit-db.com/exploits/7181http://www.securityfocus.com/archive/1/498557/100/0/threadedhttp://www.securityfocus.com/bid/32410