6.8

CVE-2007-4397

Exploit
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IrssiIrssi Version <= 0.8.10rc5
Kristof KorwisiIxmmsa Version0.3
Ricardo MesquitaMpg123 Version0.01
Ricardo MesquitaOgg123 Version0.01
SimonXmms2 Version1.1.3
Tuomas JormolaXmmsinfo Version1.1.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.14% 0.797
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html
http://securityreason.com/securityalert/3036
http://wouter.coekaerts.be/site/security/nowplaying
http://www.securityfocus.com/archive/1/476283/100/0/threaded
http://www.securityfocus.com/bid/25281
Patch
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/35985
http://osvdb.org/39574
http://osvdb.org/39575
http://secunia.com/advisories/26454
Vendor Advisory
http://secunia.com/advisories/26455
Vendor Advisory
http://secunia.com/advisories/26484
Vendor Advisory
http://secunia.com/advisories/26485
Vendor Advisory
http://secunia.com/advisories/26486
Vendor Advisory
http://secunia.com/advisories/26487
Vendor Advisory
http://secunia.com/advisories/26488
Vendor Advisory