CVE-2008-7070

KVIrc 3.4.2 - Remote Code Execution via URI Handler Argument Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7070. PoCs published by Nine:Situations:Group.

AI-analyzed exploit summary This exploit leverages a command line parsing vulnerability in KVIrc 3.4.2 by injecting malicious commands via URI handlers (irc://, irc6://, ircs://, ircs6://). The PoC demonstrates remote command execution by adding a new administrative user via cmd.exe.

Description

Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nine:Situations:Group · htmlremotewindows

https://www.exploit-db.com/exploits/7181

View Code ZIP pw:eip

This exploit leverages a command line parsing vulnerability in KVIrc 3.4.2 by injecting malicious commands via URI handlers (irc://, irc6://, ircs://, ircs6://). The PoC demonstrates remote command execution by adding a new administrative user via cmd.exe.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: KVIrc 3.4.2

No auth needed

Prerequisites: Victim must have KVIrc 3.4.2 installed and click on a malicious link

MITRE ATT&CK