Summary
This host has KVIrc installed and is prone to Argument Injection vulnerability.
Impact
Successful exploitation will allow attackers to execute arbitrary commands.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
The flaw is due to an improper validation of user supplied input, which can be exploited by persuading a victim to open a specially-crafted 'irc:///', 'irc6:///', 'ircs:///', or 'ircs6:///' URI.
Affected
KVirc version 3.4.2 and prior on Windows
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2008-7070 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Windows)