X-Chat Command Execution Via URLs Vulnerability

A vulnerability exists in versions 1.4.2 and earlier of the X-Chat IRC client. By supplying commands enclosed in backticks (``) in URL's sent to X-Chat, it is possible to execute arbitrary commands should the X-Chat user decide to view the link by clicking on it. This is due to the manner in which X-Chat launches pages for viewing.

X-Chat launches Netscape without checking for shell metacharacters in the supplied URL. This allows for an attacker to exploit shell expansion capabilities to execute commands as the user running Netscape.


Privacy Statement
Copyright 2010, SecurityFocus