Vulnerability Development mailing list archives
mIRC Buffer Overflow
From: David Dorgan <d () xevion net>
Date: Sun, 3 Feb 2002 11:20:10 -0500
General Info
------------
Researched by: James Martin
Full advisory: http://www.uuuppz.com/research/adv-001-mirc.htm
Exploit: Proof of concept code available at above URL.
Product: mIRC
Website: http://www.mirc.com
Version: 5.91 and all prior versions (to the best of my knowledge).
Fix: A patch will be available soon from official mIRC sites. Please do not download from unofficial sites, as you may download a trojaned version.
Type: Buffer Overrun
Risk: High

Summary
-------
A security vulnerability has been found in the popular IRC client mIRC. The flaw allows a rogue/hacked IRC server to execute arbitrary code on the victim's machine, allowing the attacker to gain full control of the victim's computer. This bug affects all versions of mIRC up to and including version 5.91.

An error exists in mIRC's handling of certain messages from the server, making it possible to overflow a static buffer. With carefully constructed messages, arbitrary code can be executed.

The flaw must be exploited by a rogue server; however, it is possible to cause a user to unknowingly connect to a server. If a webpage is viewed in Internet Explorer which contains specific code, mIRC will attempt to connect to a server, sometimes without prompting the user for confirmation.

----- End forwarded message -----

--
"They laughed at me when I said I wanted to become a stand-up comedian. They're not laughing now."