CVE-2010-2785

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/40727", "name": "40727", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/66648", "name": "66648", "tags": [], "refsource": "OSVDB"}, {"url": "http://marc.info/?l=oss-security&m=128041011428629&w=2", "name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111", "name": "http://bugs.gentoo.org/show_bug.cgi?id=330111", "tags": [], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2010/07/28/1", "name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html", "name": "FEDORA-2010-11524", "tags": [], "refsource": "FEDORA"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html", "name": "FEDORA-2010-11506", "tags": [], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/40796", "name": "40796", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://svn.kvirc.de/kvirc/ticket/858", "name": "https://svn.kvirc.de/kvirc/ticket/858", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "https://svn.kvirc.de/kvirc/changeset/4693", "name": "https://svn.kvirc.de/kvirc/changeset/4693", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html", "name": "SUSE-SR:2010:014", "tags": [], "refsource": "SUSE"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2785", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-08-02T20:40Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:kvirc:kvirc:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kvirc:kvirc:3.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kvirc:kvirc:3.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kvirc:kvirc:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kvirc:kvirc:4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kvirc:kvirc:3.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kvirc:kvirc:3.4.2:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kvirc:kvirc:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kvirc:kvirc:3.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-09-09T05:43Z"}