PT-2007-2894 · Rhapsody · Rhapsody Irc

Starcadi

Published: 2007-03-19 · Updated: 2018-10-16

CVE-2007-1503

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Rhapsody IRC version 0.28b

Description: The issue involves multiple format string vulnerabilities in the comm.c file. These vulnerabilities allow remote attackers to execute arbitrary code via format string specifiers to the create ctcp message function. The attack vectors include the me and ctcp commands, and possibly the whois, mode, and topic commands, by providing malicious input as the message argument.

Recommendations: For Rhapsody IRC version 0.28b, consider disabling the create ctcp message function or restricting the use of the me and ctcp commands until a patch is available. Additionally, limiting the input to the whois, mode, and topic commands may help minimize the risk of exploitation.
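
The bug class described above and its fix, as an added example that is not Rhapsody's own code: build_msg, ctcp_action and count_conversions are hypothetical names, and the sample input is constructed. It shows user text passed only as an argument to a constant format, a compiler attribute that lets GCC/Clang check callers of a printf-style wrapper, and a heuristic input check in the spirit of the recommendation to limit command input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style message builder standing in for a client's
 * CTCP message function. The format attribute makes GCC/Clang check the
 * format string and arguments at every call site. */
__attribute__((format(printf, 3, 4)))
static int build_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return (len < 0 || (size_t)len >= n) ? -1 : len;  /* -1 on truncation */
}

/* Vulnerable call shape (kept as a comment, never compiled):
 *     build_msg(out, n, user_text);
 * user_text becomes the format string, so every '%' in it is interpreted.
 *
 * Hardened shape: constant format, user text passed only as an argument. */
int ctcp_action(char *out, size_t n, const char *user_text)
{
    return build_msg(out, n, "\001ACTION %s\001", user_text);
}

/* Heuristic input check: counts '%' conversions in a message
 * ("%%" is a literal percent; a trailing lone '%' is ignored). */
int count_conversions(const char *s)
{
    int hits = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') hits++;
    }
    return hits;
}

int main(void)
{
    char buf[128];
    const char *sample = "waves %x %n %s";  /* constructed input */
    int len = ctcp_action(buf, sizeof buf, sample);
    printf("%d conversions in input, %d bytes sent literally\n",
           count_conversions(sample), len);
    return 0;
}
```

Building with -Wformat -Wformat-security makes the compiler warn about the commented-out call shape wherever it appears in real code.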

Fix

Related identifiers

CVE-2007-1503

Affected products

Rhapsody Irc