Vulnerability Development mailing list archives

Re: mIRC Buffer Overflow

From: "Hybrid" <seclist.localhost () ntlworld com>
Date: Tue, 5 Feb 2002 18:13:02 -0000


----- Original Message -----
From: "eSDee" <witkuifkakkatoe () hotmail com>
To: <vuln-dev () securityfocus com>
Sent: Tuesday, February 05, 2002 12:40 PM
Subject: Re: mIRC Buffer Overflow

well, i published the 001 bug a long time ago on the
bugreport forum of mirc. I thought first that it was not
exploitble.

http://trout.snt.utwente.nl:82/showflat.pl?
Cat=&Board=bugreports&Number=34363&page=26&
view=collapsed&sb=5&o=186&fpart=

posted on 02/11/01, since then about 92 views, but
no reply.


And you were accredited accordingly in James' advisory..

The bug is fixed in mirc 6.0, so i don't know why
everybody is talking about "no patch".


I assume the lack of patch refers to the less serious of the two bugs,
irc:// handling, as the vendor considered that to be an issue with IE/OE.
Though don't quote me on that, it may too have been fixed in version 6.

- Hyb
- http://deviate.cx/

Current thread:

mIRC Buffer Overflow David Dorgan (Feb 03)
- Re: mIRC Buffer Overflow Syzop (Feb 03)
- Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
  - Re: mIRC Buffer Overflow Blue Boar (Feb 03)
    - Re: mIRC Buffer Overflow Blue Boar (Feb 03)
    - Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
    - Re: mIRC Buffer Overflow Joseph Pingenot (Feb 03)
    - Re: mIRC Buffer Overflow Blue Boar (Feb 03)
    - Re: mIRC Buffer Overflow sould3mon (Feb 04)
- <Possible follow-ups>
- Re: mIRC Buffer Overflow eSDee (Feb 05)
  - Re: mIRC Buffer Overflow Hybrid (Feb 05)