PT-2007-5578 · Xchat+1 · Xchat-Xmms+5

Published: 2007-08-18
Updated: 2018-10-15
CVE-2007-4397
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

xmms-thing version 1.0
XMMS Remote Control Script version 1.07
Disrok version 1.0
a2x version 0.0.1
Another xmms-info script version 1.0
XChat-XMMS version 0.8.1

Description

Multiple CRLF injection vulnerabilities in various "now playing" scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands. The scripts embed the song name read from a .mp3 file in an IRC command without filtering it; because the IRC protocol terminates each message with CRLF, a song name containing a CRLF sequence ends the intended message and the remainder is sent as a further command.

Recommendations

For xmms-thing version 1.0, consider disabling the processing of .mp3 file names until a patch is available.
For XMMS Remote Control Script version 1.07, restrict access to the script to minimize the risk of exploitation.
For Disrok version 1.0, avoid using the script with untrusted .mp3 files.
For a2x version 0.0.1, temporarily remove the script from use.
For Another xmms-info script version 1.0, disable the script's ability to execute IRC commands.
For XChat-XMMS version 0.8.1, consider updating the script to a version that sanitizes .mp3 file names.
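The sanitization the last recommendation refers to, shown as an added example that is not code from the advisory or from any of the listed scripts. The vulnerable announcer interpolates the title unchanged, the hardened one strips CR, LF and NUL first; `send_raw` and `lines_sent` are assumed stand-ins for the client's command API and for the server splitting the byte stream into messages.

```python
import re

# Characters that may not appear inside a single IRC message: the protocol
# delimits messages with CRLF, and NUL is forbidden in message text.
FORBIDDEN = "\r\n\x00"


def sanitize_title(title: str, max_len: int = 200) -> str:
    """Return a song title that is safe to embed in one IRC command line.

    Replaces CR, LF and NUL with spaces, collapses runs of whitespace and
    caps the length so the message stays well below the 512-byte IRC limit.
    """
    cleaned = "".join(" " if ch in FORBIDDEN else ch for ch in title)
    cleaned = " ".join(cleaned.split())
    return cleaned[:max_len]


def vulnerable_announce(title, send_raw):
    # 'Before': the title from the .mp3 tag is used as-is, as in the
    # affected scripts; a CRLF inside it terminates the message early.
    send_raw("me is listening to " + title)


def hardened_announce(title, send_raw):
    # 'After': the title cannot contain a message terminator any more.
    send_raw("me is listening to " + sanitize_title(title))


def lines_sent(announce, title):
    """Model of the transport (an assumption for this demo): the client
    appends CRLF to each command, the server splits the stream on line
    terminators and treats every non-empty line as a separate command."""
    buf = []
    announce(title, buf.append)
    wire = "".join(cmd + "\r\n" for cmd in buf)
    return [line for line in re.split(r"\r\n|\r|\n", wire) if line]


if __name__ == "__main__":
    # Constructed sample: a tag whose title embeds a CRLF and a second command.
    crafted = "Nice Song\r\nJOIN #other"
    print(lines_sent(vulnerable_announce, crafted))  # two messages reach the server
    print(lines_sent(hardened_announce, crafted))    # one message, title intact
```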


Related Identifiers

CVE-2007-4397

Affected Products

Another Xmms-Info Script
Disrok
Xchat-Xmms
Xmms Remote Control Script
A2X
Xmms-Thing