Home page logo

bugtraq logo Bugtraq mailing list archives

Buffer overflow in mIRC allowing arbitary code to be executed.
From: "James Martin" <me () uuuppz com>
Date: Sun, 3 Feb 2002 00:11:01 -0000

General Info
Researched by: James Martin
Full advisory: http://www.uuuppz.com/research/adv-001-mirc.htm
Exploit: Proof of concept code available at above URL.

Product: mIRC
Website: http://www.mirc.com
Version: 5.91 and all prior versions (to be best of my knowledge).
Fix: A patch will be available soon from offical mIRC sites.
     Please do not download from unofficial sites, as you may download
     a trojaned version.

Type: Buffer Overrun
Risk: High

A security vulnerability has been found in the popular IRC client mIRC.
The flaw allows a rogue/hacked IRC server to execute arbitary code on
the victims machine. Allowing the attacker to gain full control of the
victims computer. This bug affects all versions of mIRC upto and
including version 5.91.

An error exists in mIRC's handling of certain messages from the server,
making it possible to overflow a static buffer. With carefully constructed
messages arbitary code can be executed.

The flaw must be exploited by a rogue server, however it is possible to
cause a user to unknowingly connect to a server. If a webpage is viewed
in Internet Explorer which contains specific code mIRC will attempt to
connect to a server, sometimes without prompting the user for conformation.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]