CVE-2008-7070

Kvirc - Code Injection

Title source: rule

Description

Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nine:Situations:Group · htmlremotewindows

https://www.exploit-db.com/exploits/7181

View Code ZIP pw:eip

References (6)

[Exploit] http://retrogod.altervista.org/kvirc_342_cmd.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/498557/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7181

[Exploit] http://www.securityfocus.com/bid/32410

[Third Party Advisory] http://secunia.com/advisories/32410

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46779

Scores

EPSS 0.0501

EPSS Percentile 89.7%

Details

CWE

CWE-94

Status published

Products (1)

kvirc/kvirc 3.4.2

Published Aug 25, 2009

Tracked Since Feb 18, 2026