CVE-2007-4397

Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
References
Link Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html
http://osvdb.org/39574
http://osvdb.org/39575
http://secunia.com/advisories/26454 Vendor Advisory
http://secunia.com/advisories/26455 Vendor Advisory
http://secunia.com/advisories/26484 Vendor Advisory
http://secunia.com/advisories/26485 Vendor Advisory
http://secunia.com/advisories/26486 Vendor Advisory
http://secunia.com/advisories/26487 Vendor Advisory
http://secunia.com/advisories/26488 Vendor Advisory
http://securityreason.com/securityalert/3036
http://wouter.coekaerts.be/site/security/nowplaying
http://www.securityfocus.com/archive/1/476283/100/0/threaded
http://www.securityfocus.com/bid/25281 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/35985
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html
http://osvdb.org/39574
http://osvdb.org/39575
http://secunia.com/advisories/26454 Vendor Advisory
http://secunia.com/advisories/26455 Vendor Advisory
http://secunia.com/advisories/26484 Vendor Advisory
http://secunia.com/advisories/26485 Vendor Advisory
http://secunia.com/advisories/26486 Vendor Advisory
http://secunia.com/advisories/26487 Vendor Advisory
http://secunia.com/advisories/26488 Vendor Advisory
http://securityreason.com/securityalert/3036
http://wouter.coekaerts.be/site/security/nowplaying
http://www.securityfocus.com/archive/1/476283/100/0/threaded
http://www.securityfocus.com/bid/25281 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/35985
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*
cpe:2.3:a:kristof_korwisi:ixmmsa:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mikachu:l33t_xmms_music_showing_script:2.00:*:*:*:*:*:*:*
cpe:2.3:a:ricardo_mesquita:mpg123:0.01:*:*:*:*:*:*:*
cpe:2.3:a:ricardo_mesquita:ogg123:0.01:*:*:*:*:*:*:*
cpe:2.3:a:simon:xmms2:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:tuomas_jormola:xmmsinfo:1.1.1.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:35

Type Values Removed Values Added
References () http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html - () http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html -
References () http://osvdb.org/39574 - () http://osvdb.org/39574 -
References () http://osvdb.org/39575 - () http://osvdb.org/39575 -
References () http://secunia.com/advisories/26454 - Vendor Advisory () http://secunia.com/advisories/26454 - Vendor Advisory
References () http://secunia.com/advisories/26455 - Vendor Advisory () http://secunia.com/advisories/26455 - Vendor Advisory
References () http://secunia.com/advisories/26484 - Vendor Advisory () http://secunia.com/advisories/26484 - Vendor Advisory
References () http://secunia.com/advisories/26485 - Vendor Advisory () http://secunia.com/advisories/26485 - Vendor Advisory
References () http://secunia.com/advisories/26486 - Vendor Advisory () http://secunia.com/advisories/26486 - Vendor Advisory
References () http://secunia.com/advisories/26487 - Vendor Advisory () http://secunia.com/advisories/26487 - Vendor Advisory
References () http://secunia.com/advisories/26488 - Vendor Advisory () http://secunia.com/advisories/26488 - Vendor Advisory
References () http://securityreason.com/securityalert/3036 - () http://securityreason.com/securityalert/3036 -
References () http://wouter.coekaerts.be/site/security/nowplaying - () http://wouter.coekaerts.be/site/security/nowplaying -
References () http://www.securityfocus.com/archive/1/476283/100/0/threaded - () http://www.securityfocus.com/archive/1/476283/100/0/threaded -
References () http://www.securityfocus.com/bid/25281 - Exploit, Patch () http://www.securityfocus.com/bid/25281 - Exploit, Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/35985 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/35985 -

Information

Published : 2007-08-18 21:17

Updated : 2024-11-21 00:35


NVD link : CVE-2007-4397

Mitre link : CVE-2007-4397

CVE.ORG link : CVE-2007-4397


JSON object : View

Products Affected

irssi

  • irssi

simon

  • xmms2

tuomas_jormola

  • xmmsinfo

ricardo_mesquita

  • ogg123
  • mpg123

mikachu

  • l33t_xmms_music_showing_script

kristof_korwisi

  • ixmmsa