CVE-2007-4397

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

Múltiples vulnerabilidades de inyección CRLF en (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, y otras secuencias de comandos no especificadas para XChat permite a atacantes remotos con la intervención del usuario ejecutar comandos IRC de su elección a través de secuencias CRLF en el nombre de la canción en un archivo .mp3.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-08-18 CVE Reserved
2007-08-18 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-09-05 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (15)

URL	Tag	Source
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html	Mailing List
http://osvdb.org/39574	Vdb Entry
http://osvdb.org/39575	Vdb Entry
http://securityreason.com/securityalert/3036	Third Party Advisory
http://wouter.coekaerts.be/site/security/nowplaying	X_refsource_misc
http://www.securityfocus.com/archive/1/476283/100/0/threaded	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/35985	Vdb Entry

URL	Date	SRC
http://www.securityfocus.com/bid/25281	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/26454	2018-10-15
http://secunia.com/advisories/26455	2018-10-15
http://secunia.com/advisories/26484	2018-10-15
http://secunia.com/advisories/26485	2018-10-15
http://secunia.com/advisories/26486	2018-10-15
http://secunia.com/advisories/26487	2018-10-15
http://secunia.com/advisories/26488	2018-10-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Irssi Search vendor "Irssi"		Irssi Search vendor "Irssi" for product "Irssi"				<= 0.8.10rc5 Search vendor "Irssi" for product "Irssi" and version " <= 0.8.10rc5"		-		Affected
Kristof Korwisi Search vendor "Kristof Korwisi"		Ixmmsa Search vendor "Kristof Korwisi" for product "Ixmmsa"				0.3 Search vendor "Kristof Korwisi" for product "Ixmmsa" and version "0.3"		-		Affected
Mikachu Search vendor "Mikachu"		L33t Xmms Music Showing Script Search vendor "Mikachu" for product "L33t Xmms Music Showing Script"				2.00 Search vendor "Mikachu" for product "L33t Xmms Music Showing Script" and version "2.00"		-		Affected
Ricardo Mesquita Search vendor "Ricardo Mesquita"		Mpg123 Search vendor "Ricardo Mesquita" for product "Mpg123"				0.01 Search vendor "Ricardo Mesquita" for product "Mpg123" and version "0.01"		-		Affected
Ricardo Mesquita Search vendor "Ricardo Mesquita"		Ogg123 Search vendor "Ricardo Mesquita" for product "Ogg123"				0.01 Search vendor "Ricardo Mesquita" for product "Ogg123" and version "0.01"		-		Affected
Simon Search vendor "Simon"		Xmms2 Search vendor "Simon" for product "Xmms2"				1.1.3 Search vendor "Simon" for product "Xmms2" and version "1.1.3"		-		Affected
Tuomas Jormola Search vendor "Tuomas Jormola"		Xmmsinfo Search vendor "Tuomas Jormola" for product "Xmmsinfo"				1.1.1.1 Search vendor "Tuomas Jormola" for product "Xmmsinfo" and version "1.1.1.1"		-		Affected