CVE-2008-2841
Published: 2008-06-24
Priority: P3 · 45 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 15.38% (96.4th percentile)
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xchat | xchat | <= 2.8.7b | — |
CVSS provenance
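| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 6.8 | MEDIUM | — |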
GHSA
GHSA-64rw-mj5q-w82v: Argument injection vulnerability in XChat 2
ghsa_unreviewed·2022-05-01
CVE-2008-2841 [MEDIUM] CWE-94 GHSA-64rw-mj5q-w82v: Argument injection vulnerability in XChat 2
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
Red Hat
xchat: command execution when xchat is started from the browser
vendor_redhat·2008-06-13·CVSS 6.8
CVE-2008-2841 [MEDIUM] xchat: command execution when xchat is started from the browser
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
Statement: Not vulnerable. This issue did not affect the versions of XChat as shipped with Red Hat Enterprise Linux.
No detection rules found.
Exploit-DB
Google Chrome < 14.0.835.163 - '.pdf' File Handling Memory Corruption
exploitdb·2011-10-04·CVSS 6.8
CVE-2011-2841 [MEDIUM] Google Chrome < 14.0.835.163 - '.pdf' File Handling Memory Corruption
Google Chrome = 14.0.835.163
Discovered by: Mario Gomes
----------------Summary----------------
Google Chrome is a web browser developed by Google that uses the WebKit layout engine.
It was first released as a beta version for Microsoft Windows on September 2, 2008, and the public stable release was on December 11, 2008.
The name is derived from the graphical user interface frame, or "chrome", of web browsers.
As of August 2011, Chrome is the third most widely used browser with 23.16% worldwide usage share of web browsers, according to StatCounter.(From Wikipedia)
----------------Description----------------
Google Chrome suffers from a memory corruption vulnerability that occurs in the manipulation of PDF files.
The failure occurs when the browser opens an HTML file that contains mul
Exploit-DB
XChat 2.8.7b - 'URI Handler' Remote Code Execution (Internet Explorer 6/7)
exploitdb·2008-06-13
CVE-2008-2841 XChat 2.8.7b - 'URI Handler' Remote Code Execution (Internet Explorer 6/7)
---
##################################################################################################################
#
# Xchat
Welcome to my personal website
document.location='ircs://[email protected]" --command "shell calc"'
# milw0rm.com [2008-06-13]
http://forum.xchat.org/viewtopic.php?t=4218
http://secunia.com/advisories/30695
http://www.securityfocus.com/bid/29696
https://exchange.xforce.ibmcloud.com/vulnerabilities/43065
https://www.exploit-db.com/exploits/5795