Bug 244666 (CVE-2008-4748) - net-irc/kvirc "irc://" URI Handling Format String Vulnerability (CVE-2008-4748)
Summary: net-irc/kvirc "irc://" URI Handling Format String Vulnerability (CVE-2008-4748)
Status: RESOLVED WONTFIX
Alias: CVE-2008-4748
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/32410/
Whiteboard: B2 [upstream]
Reported: 2008-10-27 18:37 UTC by Matti Bickel (RETIRED)
Modified: 2008-12-20 16:57 UTC
Description Matti Bickel (RETIRED) gentoo-dev 2008-10-27 18:37:41 UTC
From Secunia:

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
KVIrc 3.x
http://secunia.com/advisories/product/14634/

DESCRIPTION:
Gjoko 'LiquidWorm' Krstic has discovered a vulnerability in KVIrc,
which potentially can be exploited by malicious people to compromise
a user's system.

The vulnerability is caused due to a format string error while
processing URIs and can be exploited e.g. by tricking a user into
opening a specially crafted "irc://" URI.
Successful exploitation may allow execution of arbitrary code, but
requires that KVIrc is the default handler for IRC URIs.

The vulnerability is confirmed in version 3.4.0 on Windows. Other
versions may also be affected.

SOLUTION:
Do not follow untrusted links or browse untrusted websites.

PROVIDED AND/OR DISCOVERED BY:
Gjoko 'LiquidWorm' Krstic

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6832
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-10-27 20:35:54 UTC
matti, feel free to cc maintainers and set whiteboard.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2008-10-28 10:00:48 UTC
CVE-2008-4748
Comment 3 mren 2008-12-17 21:44:21 UTC
The devs in #kvirc say it is a Windows-only problem, as it is not KVIrc that is vulnerable but MS Internet Explorer (in that case). A workaround is also included in KVIrc so that this shouldn't be exploitable anymore (on Windows).
I think this bug can be closed.
Comment 4 Matti Bickel (RETIRED) gentoo-dev 2008-12-20 16:57:26 UTC
Verified and should not affect anybody on our platforms. Closing.