Back to search
CVE-2010-2785
Published: Aug 2, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://bugs.gentoo.org/show_bug.cgi?id=330111
x_refsource_CONFIRM
FEDORA-2010-11524
vendor-advisory
x_refsource_FEDORA
40796
third-party-advisory
x_refsource_SECUNIA
66648
vdb-entry
x_refsource_OSVDB
https://svn.kvirc.de/kvirc/changeset/4693
x_refsource_CONFIRM
SUSE-SR:2010:014
vendor-advisory
x_refsource_SUSE
[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter
mailing-list
x_refsource_MLIST
40727
third-party-advisory
x_refsource_SECUNIA
https://svn.kvirc.de/kvirc/ticket/858
x_refsource_CONFIRM
FEDORA-2010-11506
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now