Vulnerability Details CVE-2007-1503
Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the message argument to the (1) me or (2) ctcp commands, and possibly related vectors involving the (3) whois, (4) mode, and (5) topic commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.044
EPSS Ranking 88.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/35001
- http://securityreason.com/securityalert/2447
- http://www.securityfocus.com/archive/1/463092/100/0/threaded
- http://www.securityfocus.com/bid/23011
- http://osvdb.org/35001
- http://securityreason.com/securityalert/2447
- http://www.securityfocus.com/archive/1/463092/100/0/threaded
- http://www.securityfocus.com/bid/23011
Products affected by CVE-2007-1503
-
cpe:2.3:a:rhapsody_irc:rhapsody_irc:0.28b