CVE-2007-4397 Information
Description
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0 (2) XMMS Remote Control Script 1.07 (3) Disrok 1.0 (4) a2x 0.0.1 (5) Another xmms-info script 1.0 (6) XChat-XMMS 0.8.1 and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
Reference
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html http://osvdb.org/39574 http://osvdb.org/39575 http://secunia.com/advisories/26454 http://secunia.com/advisories/26455 http://secunia.com/advisories/26484 http://secunia.com/advisories/26485 http://secunia.com/advisories/26486 http://secunia.com/advisories/26487 http://secunia.com/advisories/26488 http://securityreason.com/securityalert/3036 http://wouter.coekaerts.be/site/security/nowplaying http://www.securityfocus.com/archive/1/476283/100/0/threaded http://www.securityfocus.com/bid/25281 https://exchange.xforce.ibmcloud.com/vulnerabilities/35985
Share on: