CVE-2008-7070

EUVD-2008-7029
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI.  NOTE: this might be due to an incomplete fix for CVE-2007-2951.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
kvirckvirc
3.4.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
kvirc
bookworm
4:5.0.0+dfsg-6
fixed
bullseye
4:5.0.0+dfsg-5
fixed
sid
4:5.2.6-1
fixed
trixie
4:5.2.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kvirc
dapper
ignored
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
Common Weakness Enumeration
References
http://retrogod.altervista.org/kvirc_342_cmd.html
http://secunia.com/advisories/32410
http://www.securityfocus.com/archive/1/498557/100/0/threaded
http://www.securityfocus.com/bid/32410
https://exchange.xforce.ibmcloud.com/vulnerabilities/46779
https://www.exploit-db.com/exploits/7181
http://retrogod.altervista.org/kvirc_342_cmd.html
http://secunia.com/advisories/32410
http://www.securityfocus.com/archive/1/498557/100/0/threaded
http://www.securityfocus.com/bid/32410
https://exchange.xforce.ibmcloud.com/vulnerabilities/46779
https://www.exploit-db.com/exploits/7181