vendor:
Colloquy
by:
Lance M. Havok
7.5
CVSS
HIGH
Format string vulnerability
134
CWE
Product Name: Colloquy
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2006
Colloquy INVITE format string vulnerability exploit
This script makes use of the Colloquy INVITE format string vulnerability. It connects to an IRC server and joins a specified channel. It then sends a WHO command to the server to gather information about the users in the channel. This vulnerability can be exploited to execute arbitrary code.
Mitigation:
Update to a patched version of Colloquy or apply a fix provided by the vendor.