CVE-1999-1351

CVSS 2.0 Score 5.0 of 10 (medium)

Details

Published Sep 24, 1999

Updated: Nov 20, 2024

Summary

CVE-1999-1351 is a directory traversal vulnerability affecting the KVIrc IRC client version 0.9.0. When the "Listen to !nick <soundname> requests" option is enabled, a remote attacker can exploit this issue by sending a malicious DCC (Direct Client-to-Client) GET request containing a ".." (dot dot) sequence. This allows the attacker to read arbitrary files on the victim's system, potentially exposing sensitive information. The vulnerability can be exploited even if the user has not initiated the DCC connection, making it a serious concern for IRC users running the affected KVIrc client version.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/NWlX1Q
https://www.cve.org/CVERecord?id=CVE-1999-1351
https://nvd.nist.gov/vuln/detail/CVE-1999-1351

Back to Vulnerability Database

CVE-1999-1351

CVSS 2.0 Score 5.0 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations