Lucene search
RootSSV:1942HistoryJun 29, 2007 - 12:00 a.m.
KVIrc irc:// URI处理器远程命令注入漏洞
2007-06-2900:00:00
Root
www.seebug.org
14
0.016 Low
EPSS
Percentile
87.6%
BUGTRAQ ID: 24652
CVE(CAN) ID: CVE-2007-2951
KVIrc是一款免费的可移植IRC客户端。
KVIrc客户端在处理“irc://”协议串时存在漏洞,远程攻击者可能利用此漏洞在用户机器上执行命令。
KVIrc客户端的src/kvirc/kernel/kvi_ircurl.cpp文件中的parseIrcUrl()函数在为KVIrc的内部脚本系统构建命令时没有正确过滤部分URI,如果用户受骗打开了特制的irc://或类似的URI(如irc6://)的话,就会导致注入并执行KVIrc脚本系统命令。成功攻击要求KVIrc是irc://或类似URI的默认处理器。
KVIrc KVIrc 3.2.5
KVIrc KVIrc 3.2
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“https://svn.kvirc.de/kvirc/changeset/630/#file3” target=“_blank”>https://svn.kvirc.de/kvirc/changeset/630/#file3</a>
Related
openvas
openvas
Gentoo Security Advisory GLSA 200709-02 (kvirc)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200709-02 (kvirc)
2008-09-24 00:00:00
nessus
nessus
GLSA-200709-02 : KVIrc: Remote arbitrary code execution
2007-09-14 00:00:00
openSUSE 10 Security Update : kvirc (kvirc-3953)
2007-10-17 00:00:00
securityvulns
securityvulns
[Full-disclosure] Secunia Research: KVIrc irc:// URI Handler Command Execution Vulnerability
2007-06-28 00:00:00
KVIrc IRC client buffer overflow
2007-06-28 00:00:00
prion
prion
Code injection
2007-06-26 18:30:00
Design/Logic Flaw
2009-08-25 10:30:00
ubuntucve
ubuntucve
CVE-2007-2951
2007-06-26 00:00:00
CVE-2008-7070
2009-08-25 00:00:00
nvd
nvd
CVE-2007-2951
2007-06-26 18:30:00
CVE-2008-7070
2009-08-25 10:30:00
debiancve
debiancve
CVE-2007-2951
2007-06-26 18:30:00
CVE-2008-7070
2009-08-25 10:30:00
cvelist
cvelist
CVE-2007-2951
2007-06-26 18:00:00
CVE-2008-7070
2009-08-25 10:00:00
gentoo
gentoo
KVIrc: Remote arbitrary code execution
2007-09-13 00:00:00
cve
cve
CVE-2007-2951
2007-06-26 18:30:00
CVE-2008-7070
2009-08-25 10:30:00