Lucene search

[email protected]CVE-2007-4401

HistoryAug 18, 2007 - 9:17 p.m.

CVE-2007-4401

2007-08-1821:17:00

[email protected]

web.nvd.nist.gov

cve-2007-4401

crlf injection

mirc

integration plugin

remote code execution

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.3%

JSON

Multiple CRLF injection vulnerabilities in the Advanced mIRC Integration Plugin and possibly other unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

Affected configurations

NVD

Node

mircadvanced_integration_plugin

CPENameOperatorVersion
mirc:advanced_integration_pluginmirc advanced integration plugineq*

CPE	Name	Operator	Version
mirc:advanced_integration_plugin	mirc advanced integration plugin	eq	*

References

lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html

secunia.com/advisories/26491

securityreason.com/securityalert/3036

wouter.coekaerts.be/site/security/nowplaying

www.securityfocus.com/archive/1/476283/100/0/threaded

www.securityfocus.com/bid/25281

exchange.xforce.ibmcloud.com/vulnerabilities/35985

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.3%

JSON

Related for CVE-2007-4401

cvelist1 prion1 nvd1