Vulnerabilities > CVE-2007-1503 - Remote vulnerability in Rhapsody IRC Rhapsody IRC 0.28B

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

rhapsody-irc

NVD

Published: 2007-03-19

Updated: 2018-10-16

Summary

Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the message argument to the (1) me or (2) ctcp commands, and possibly related vectors involving the (3) whois, (4) mode, and (5) topic commands.

Vulnerable Configurations

Part	Description	Count
Application	Rhapsody_Irc Rhapsody IRC Rhapsody IRC 0.28B	1

References

http://osvdb.org/35001
http://securityreason.com/securityalert/2447
http://www.securityfocus.com/archive/1/463092/100/0/threaded
http://www.securityfocus.com/bid/23011