Vulnerability Description
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Nt | All versions |
| Microsoft | Internet Explorer | All versions |
| Xchat | Xchat | <= 2.8.7b |
Related Weaknesses (CWE)
References
- http://forum.xchat.org/viewtopic.php?t=4218
- http://secunia.com/advisories/30695Vendor Advisory
- http://www.securityfocus.com/bid/29696
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43065
- https://www.exploit-db.com/exploits/5795
- http://forum.xchat.org/viewtopic.php?t=4218
- http://secunia.com/advisories/30695Vendor Advisory
- http://www.securityfocus.com/bid/29696
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43065
- https://www.exploit-db.com/exploits/5795
FAQ
What is CVE-2008-2841?
CVE-2008-2841 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs://...
How severe is CVE-2008-2841?
CVE-2008-2841 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2841?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Nt, Microsoft Internet Explorer, Xchat Xchat.