Vulnerability Development mailing list archives
Re: mIRC Buffer Overflow
From: "Hybrid" <seclist.localhost () ntlworld com>
Date: Tue, 5 Feb 2002 18:13:02 -0000
----- Original Message ----- From: "eSDee" <witkuifkakkatoe () hotmail com> To: <vuln-dev () securityfocus com> Sent: Tuesday, February 05, 2002 12:40 PM Subject: Re: mIRC Buffer Overflow
well, i published the 001 bug a long time ago on the bugreport forum of mirc. I thought first that it was not exploitble. http://trout.snt.utwente.nl:82/showflat.pl? Cat=&Board=bugreports&Number=34363&page=26& view=collapsed&sb=5&o=186&fpart= posted on 02/11/01, since then about 92 views, but no reply.
And you were accredited accordingly in James' advisory..
The bug is fixed in mirc 6.0, so i don't know why everybody is talking about "no patch".
I assume the lack of patch refers to the less serious of the two bugs, irc:// handling, as the vendor considered that to be an issue with IE/OE. Though don't quote me on that, it may too have been fixed in version 6. - Hyb - http://deviate.cx/
Current thread:
- mIRC Buffer Overflow David Dorgan (Feb 03)
- Re: mIRC Buffer Overflow Syzop (Feb 03)
- Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
- Re: mIRC Buffer Overflow Joseph Pingenot (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow sould3mon (Feb 04)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- <Possible follow-ups>
- Re: mIRC Buffer Overflow eSDee (Feb 05)
- Re: mIRC Buffer Overflow Hybrid (Feb 05)