CVE-2000-0787

IRC Xchat <1.4.2 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0787. PoCs published by zenith parsec.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in X-Chat IRC client versions 1.4.2 and earlier. By embedding shell commands within backticks in a URL, an attacker can execute arbitrary commands when the victim clicks the link, due to improper shell metacharacter handling.

Description

IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.

Exploits (1)

exploitdb WORKING POC VERIFIED
by zenith parsec · textremotelinux
https://www.exploit-db.com/exploits/20161

This exploit leverages a command injection vulnerability in X-Chat IRC client versions 1.4.2 and earlier. By embedding shell commands within backticks in a URL, an attacker can execute arbitrary commands when the victim clicks the link, due to improper shell metacharacter handling.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: X-Chat IRC client <= 1.4.2
No auth needed
Prerequisites: Victim must click on a malicious URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0215.html
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1601
Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0305.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2000-055.html
Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0301.html

Scores

EPSS 0.0921
EPSS Percentile 94.7%

Details

Status published
Products (11)
xchat/xchat 1.2.1
xchat/xchat 1.3.9
xchat/xchat 1.3.10
xchat/xchat 1.3.11
xchat/xchat 1.3.12
xchat/xchat 1.3.13
xchat/xchat 1.4
xchat/xchat 1.4.1
xchat/xchat 1.4.2
xchat/xchat 1.5.6
... and 1 more
Published Oct 20, 2000
Tracked Since Feb 18, 2026