Vulnerability Description
Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the message argument to the (1) me or (2) ctcp commands, and possibly related vectors involving the (3) whois, (4) mode, and (5) topic commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rhapsody Irc | Rhapsody Irc | 0.28b |
References
- http://osvdb.org/35001
- http://securityreason.com/securityalert/2447
- http://www.securityfocus.com/archive/1/463092/100/0/threaded
- http://www.securityfocus.com/bid/23011
- http://osvdb.org/35001
- http://securityreason.com/securityalert/2447
- http://www.securityfocus.com/archive/1/463092/100/0/threaded
- http://www.securityfocus.com/bid/23011
FAQ
What is CVE-2007-1503?
CVE-2007-1503 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the messa...
How severe is CVE-2007-1503?
CVE-2007-1503 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1503?
Check the references section above for vendor advisories and patch information. Affected products include: Rhapsody Irc Rhapsody Irc.