CVE-2002-0006

Name of the Vulnerable Software and Affected Versions XChat versions 1.8.7 and earlier XChat versions 1.4.2 and 1.4.3

Description The issue allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING. This occurs when the percascii variable is set, causing the characters to expand in the client response.

Recommendations For XChat versions 1.8.7 and earlier, update to a version later than 1.8.7 to resolve the issue. For XChat versions 1.4.2 and 1.4.3, consider updating to a version later than 1.4.3 or modifying the default configuration to unset the percascii variable as a temporary workaround.