The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
oryginał ENAV:N/AC:L/Au:S/C:P/I:P/A:PKvirc
APPKvirc3.0.03.0.13.4.03.4.24.0.04.0.2
Powiązane podatności
Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact a...
Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to ove...
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute ar...
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for process...
The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attacke...