Vulnerability Description
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kvirc | Kvirc | 3.4.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32410 (Vendor Advisory)
- http://securityreason.com/securityalert/4508
- http://www.securityfocus.com/bid/31912
- http://www.vupen.com/english/advisories/2008/2926
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46114
- https://www.exploit-db.com/exploits/6832
FAQ
What is CVE-2008-4748?
CVE-2008-4748 is a vulnerability with a CVSS score of 7.6 (HIGH). Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and...
How severe is CVE-2008-4748?
CVE-2008-4748 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-4748?
Check the references section above for vendor advisories and patch information. Affected products include: Kvirc Kvirc.