Vulnerability Development mailing list archives
Re: mIRC Buffer Overflow
From: Syzop <syz () dds nl>
Date: Sun, 03 Feb 2002 19:22:35 +0100
Hi, David Dorgan wrote:
> An error exists in mIRC's handling of certain messages from the server, making it possible to overflow a static buffer. With carefully constructed messages arbitrary code can be executed.

Just wanted to let you know I discovered this bug a year ago when I was brute forcing numerics (+random length arguments). However it didn't seem exploitable... guess I was wrong :/... (think my arguments were too small or something like that). Also another bug which was obviously a buffer overflow was fixed later in 5.9 so I didn't pay attention anymore to this stuff. However I've been using my ircop /crash command for some time >:)

    // bitchx crash
    sendto_one(acptr, ":blah 004 blah :blah blah");

    // mirc crash
    sendto_one(acptr, ":blah 001 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
        "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
        "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
        "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
        "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
        "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
        "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
        "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");

Anyway, I didn't report it so it's your bug now :P.

Cya,
Syzop.

PS: That bitchx bug is just because of a missing argument -> NULL pointer -> crash.
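The two crashes above come from two distinct client-side defects: a fixed-size buffer filled from a server-controlled numeric argument (the mIRC case), and a handler that indexes parameters that were never sent (the bitchx case). As an added example, not part of either post and not mIRC or BitchX code, the C program below parses a server line into counted parameters and shows the unsafe copy beside handlers that refuse oversize or missing arguments. The names `irc_parse`, `handle_001`, `handle_004`, `NICK_LEN` and the sample lines are assumptions constructed for this illustration; the RPL_WELCOME (001) and RPL_MYINFO (004) field layout follows RFC 2812.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PARAMS 15   /* RFC 2812 allows at most 15 parameters per line */
#define NICK_LEN   32   /* hypothetical fixed-size field, standing in for the static buffer in the report */

typedef struct {
    const char *prefix;              /* NULL when the line carries no ":prefix" */
    const char *command;             /* e.g. "001", "004", "PRIVMSG" */
    const char *params[MAX_PARAMS];
    int nparams;                     /* how many parameters were actually present */
} irc_msg;

static char my_nick[NICK_LEN];
static char server_name[64];

/* Split one server line in place (RFC 1459 syntax). Returns 0, or -1 if malformed.
 * Handlers must check nparams before touching params[i]: that is the bitchx lesson. */
int irc_parse(char *line, irc_msg *m)
{
    char *p = line;
    memset(m, 0, sizeof *m);
    if (*p == ':') {                         /* optional prefix */
        m->prefix = ++p;
        p = strchr(p, ' ');
        if (p == NULL) return -1;            /* prefix but no command */
        *p++ = '\0';
    }
    while (*p == ' ') p++;
    if (*p == '\0') return -1;               /* no command at all */
    m->command = p;
    while (*p != '\0' && *p != ' ') p++;
    if (*p != '\0') *p++ = '\0';
    for (;;) {
        while (*p == ' ') p++;
        if (*p == '\0') break;
        if (m->nparams >= MAX_PARAMS) return -1;
        if (*p == ':') {                     /* trailing parameter: rest of line, may contain spaces */
            m->params[m->nparams++] = p + 1;
            break;
        }
        m->params[m->nparams++] = p;
        while (*p != '\0' && *p != ' ') p++;
        if (*p != '\0') *p++ = '\0';
    }
    return 0;
}

/* The unsafe pattern behind the mIRC-style crash: unbounded copy of a server-controlled
 * field into a fixed buffer. Kept only for contrast; nothing here calls it. */
void handle_001_unsafe(const irc_msg *m)
{
    char nick[NICK_LEN];
    strcpy(nick, m->params[0]);              /* overflows when params[0] exceeds NICK_LEN-1 bytes */
    (void)nick;
}

/* 001 (RPL_WELCOME): first parameter is our nick. 0 = ok, -1 = missing, -2 = does not fit. */
int handle_001(const irc_msg *m)
{
    size_t n;
    if (m->nparams < 1) return -1;
    n = strlen(m->params[0]);
    if (n >= sizeof my_nick) return -2;      /* reject rather than overflow or silently truncate */
    memcpy(my_nick, m->params[0], n + 1);
    return 0;
}

/* 004 (RPL_MYINFO): nick, servername, version, user modes, channel modes (RFC 2812).
 * ":blah 004 blah :blah blah" carries only two parameters and must be refused, not indexed. */
int handle_004(const irc_msg *m)
{
    size_t n;
    if (m->nparams < 5) return -1;
    n = strlen(m->params[1]);
    if (n >= sizeof server_name) return -2;
    memcpy(server_name, m->params[1], n + 1);
    return 0;
}

/* Parse and route one line: handler result, 1 for an unhandled command, -1 if malformed. */
int irc_dispatch(char *line)
{
    irc_msg m;
    if (irc_parse(line, &m) != 0) return -1;
    if (strcmp(m.command, "001") == 0) return handle_001(&m);
    if (strcmp(m.command, "004") == 0) return handle_004(&m);
    return 1;
}

const char *current_nick(void) { return my_nick; }

/* Constructed sample lines, modelled on the two messages quoted in the thread. */
int demo_missing_arg(void)  { char line[] = ":blah 004 blah :blah blah"; return irc_dispatch(line); }
int demo_normal(void)       { char line[] = ":irc.example.test 001 nick :Welcome"; return irc_dispatch(line); }
int demo_oversize_arg(void)
{
    char line[512];                          /* one 501-byte argument of 'x', the mIRC-crash shape */
    memset(line, 'x', sizeof line);
    memcpy(line, ":blah 001 ", 10);
    line[sizeof line - 1] = '\0';
    return irc_dispatch(line);
}

int main(void)
{
    printf("missing arg -> %d, oversize arg -> %d, normal -> %d (nick=%s)\n",
           demo_missing_arg(), demo_oversize_arg(), demo_normal(), current_nick());
    return 0;
}
```

The parser never copies; it only records pointers and a count, so every length and presence decision is made once, in the handler that knows the destination size. Returning a distinct error for "missing" versus "too long" also makes the condition loggable, which is the signal a client or a monitoring ircd would want when a peer starts sending malformed numerics.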
Current thread:
- mIRC Buffer Overflow David Dorgan (Feb 03)
- Re: mIRC Buffer Overflow Syzop (Feb 03)
- Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
- Re: mIRC Buffer Overflow Joseph Pingenot (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow sould3mon (Feb 04)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- <Possible follow-ups>
- Re: mIRC Buffer Overflow eSDee (Feb 05)
- Re: mIRC Buffer Overflow Hybrid (Feb 05)