CVE-2006-4455

xchat < 2.6.7 - Denial of Service via PRIVMSG Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-4455. PoCs published by Elo, ratboy.

AI-analyzed exploit summary This Perl script exploits CVE-2006-4455 by sending a malicious payload via IRC to a target victim. The payload is designed to trigger a buffer overflow in the target software.

Description

Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version"

Exploits (2)

exploitdb WORKING POC VERIFIED
by Elo · perldoswindows
https://www.exploit-db.com/exploits/2147

This Perl script exploits CVE-2006-4455 by sending a malicious payload via IRC to a target victim. The payload is designed to trigger a buffer overflow in the target software.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Unknown (likely an IRC client or server vulnerable to buffer overflow)
No auth needed
Prerequisites: IRC server details · Target victim's IRC nickname
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ratboy · phpdoswindows
https://www.exploit-db.com/exploits/2124

This exploit targets XChat <= 2.6.7 on Windows, causing a remote crash (DoS) by sending a malformed PRIVMSG containing a specific byte sequence. The script connects to an IRC server, joins a channel, and sends the exploit payload to a specified victim upon receiving any PRIVMSG.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: XChat <= 2.6.7 on Windows
No auth needed
Prerequisites: IRC server access · Victim must be in the same IRC channel
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28325
Various Sources x_refsource_misc
http://www.xchat.org/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19398
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2124
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=115523184321922&w=2
Various Sources x_refsource_misc
http://forum.xchat.org/viewtopic.php?t=2918
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2147
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016687

Scores

EPSS 0.0499
EPSS Percentile 91.1%

Details

Status published
Products (1)
xchat/xchat < 2.6.7
Published Aug 30, 2006
Tracked Since Feb 18, 2026