Vulnerability Development mailing list archives
Re: mIRC Buffer Overflow
From: "Krish Ahya" <Krish () houston rr com>
Date: Sun, 3 Feb 2002 16:28:40 -0600
I understand this, but thats all the more reason to not release an exploit. An advisory only would have better suited the situation, especially when the vendor won't fix the problem. No need to complain over spilled milk now though, whats done is done, and now to only hope the vendor will release fixes. teli Network Operations, ChatNet IRC Network Central Hub Administrator ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~ "When you sit with a nice girl for two hours, it seems like two minutes. When you sit on a hot stove for two minutes, it seems like two hours, that's relativity." -- Albert Einstein ----- Original Message ----- From: "Blue Boar" <BlueBoar () thievco com> To: "Krish Ahya" <Krish () houston rr com> Cc: <vuln-dev () securityfocus com> Sent: Sunday, February 03, 2002 4:07 PM Subject: Re: mIRC Buffer Overflow
Krish Ahya wrote:Why would you release an exploit for this hole if currently there are no security patches for it? Do you know how many people run mIRC? Most of
which
know nothing about even how they got online! My prediction is that
several
machines are going to get compromised due to this.Did you read the page he referenced, where he indicates that he contacted the vendor in October, and they declined to make any changes? http://www.uuuppz.com/research/adv-001-mirc.htm BB
Current thread:
- mIRC Buffer Overflow David Dorgan (Feb 03)
- Re: mIRC Buffer Overflow Syzop (Feb 03)
- Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
- Re: mIRC Buffer Overflow Joseph Pingenot (Feb 03)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- Re: mIRC Buffer Overflow sould3mon (Feb 04)
- Re: mIRC Buffer Overflow Blue Boar (Feb 03)
- <Possible follow-ups>
- Re: mIRC Buffer Overflow eSDee (Feb 05)
- Re: mIRC Buffer Overflow Hybrid (Feb 05)