ID CVE-2010-2785
Summary The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
References
Vulnerable Configurations
  • cpe:2.3:a:kvirc:kvirc:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kvirc:kvirc:3.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:kvirc:kvirc:3.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:kvirc:kvirc:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kvirc:kvirc:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kvirc:kvirc:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kvirc:kvirc:3.4.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:kvirc:kvirc:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kvirc:kvirc:4.0.2:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 09-09-2010 - 05:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: SINGLE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
confirm
fedora
  • FEDORA-2010-11506
  • FEDORA-2010-11524
mlist
  • [oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter
  • [oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter
osvdb 66648
secunia
  • 40727
  • 40796
suse SUSE-SR:2010:014
Last major update 09-09-2010 - 05:43
Published 02-08-2010 - 20:40
Last modified 09-09-2010 - 05:43