Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 00:47
Type | Values Removed | Values Added |
---|---|---|
References | () http://forum.xchat.org/viewtopic.php?t=4218 - | |
References | () http://secunia.com/advisories/30695 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/29696 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/43065 - | |
References | () https://www.exploit-db.com/exploits/5795 - |
Information
Published : 2008-06-24 19:41
Updated : 2024-11-21 00:47
NVD link : CVE-2008-2841
Mitre link : CVE-2008-2841
CVE.ORG link : CVE-2008-2841
JSON object : View
Products Affected
xchat
- xchat
microsoft
- windows_nt
- internet_explorer
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')