Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-2951

The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.

Related bugs and status

CVE-2007-2951 (Candidate) is related to these bugs:

Bug #123037: KVIrc irc:// URI Handler Command Execution Vulnerability

Summary				In	Importance	Status
	123037	KVIrc irc:// URI Handler Command Execution Vulnerability		kvirc (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/sec...
CONFIRM: https://svn.kvirc.de/k...
SECUNIA: 25740
BID: 24652
SUSE: SUSE-SR:2007:015
GENTOO: GLSA-200709-02
SECUNIA: 26813
VUPEN: ADV-2007-2334
OSVDB: 37604
XF: kvirc-parseircurl-comm...
BUGTRAQ: 20070628 Secunia Resea...