Multiple IRC Client Now Playing Scripts Input Validation Vulnerability

Multiple IRC Client Now Playing Scripts Input Validation Vulnerability

Multiple IRC clients are prone to an input-validation vulnerability because they fail to adequately sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary IRC commands in IRC sessions of a victim user. On some clients, attackers may be able to leverage this issue to execute commands on the client itself.

Successful attacks can elevate attacker privileges, cause denial-of-service conditions, or in some cases (depending on the client) compromise the client. Other attacks are also possible.

The following scripts are vulnerable:

For irssi:
ixmmsa.pl 0.3, l33tmusic.pl 2.00, mpg123.pl 0.01, ogg123.pl 0.01, xmms.pl 2.0, xmms2.pl 1.1.3, and xmmsinfo.pl 1.1.1.1

For Xchat:
xmms-thing 1.0, XMMS Remote Control Script 1.07, Disrok 1.0, a2x 0.0.1, xmms-info script 1.0, and XChat-XMMS0.8.1

For WeeChat:
now-playing.rb, xmms.pl 1.1

For BitchX:
xmms.bx 1.0

Other scripts are also affected.