Light Channel Name Arbitrary Command Execution Vulnerability

Light is a freely available, open source IRC script for the EPIC IRC client. It is available for Unix, Linux, and Windows platforms.

It has been discovered that Light does not properly handle some channel names. When a user of Light joins a channel whose name contains embedded code, the code in the channel name is executed. This could allow an attacker to gain access to a system in the security context of the Light user.


 

Copyright 2010, SecurityFocus