CVE-2010-2785 | Vulnerability Database | Aqua Security

The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving r and 40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.

Affected Software

Name	Vendor	Start Version	End Version
Kvirc	Kvirc	3.0.0 (including)	3.0.0 (including)
Kvirc	Kvirc	3.0.0-beta1 (including)	3.0.0-beta1 (including)
Kvirc	Kvirc	3.0.0-beta2 (including)	3.0.0-beta2 (including)
Kvirc	Kvirc	3.0.1 (including)	3.0.1 (including)
Kvirc	Kvirc	3.4.0 (including)	3.4.0 (including)
Kvirc	Kvirc	3.4.2 (including)	3.4.2 (including)
Kvirc	Kvirc	3.4.2-rc1 (including)	3.4.2-rc1 (including)
Kvirc	Kvirc	4.0.0 (including)	4.0.0 (including)
Kvirc	Kvirc	4.0.2 (including)	4.0.2 (including)
Kvirc	Ubuntu	dapper	*
Kvirc	Ubuntu	hardy	*
Kvirc	Ubuntu	jaunty	*
Kvirc	Ubuntu	karmic	*
Kvirc	Ubuntu	lucid	*
Kvirc	Ubuntu	upstream	*

References

http://bugs.gentoo.org/show_bug.cgi?id=330111
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2
http://openwall.com/lists/oss-security/2010/07/28/1
http://secunia.com/advisories/40727
http://secunia.com/advisories/40796
http://www.osvdb.org/66648
https://svn.kvirc.de/kvirc/changeset/4693
https://svn.kvirc.de/kvirc/ticket/858

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-2785
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html