Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: mIRC Buffer Overflow

Re: mIRC Buffer Overflow

From: Krish Ahya <Krish_at_houston.rr.com>
Date: Sun, 3 Feb 2002 16:28:40 -0600

I understand this, but thats all the more reason to not release an exploit.
An advisory only would have better suited the situation, especially when the
vendor won't fix the problem.

No need to complain over spilled milk now though, whats done is done, and
now to only hope the vendor will release fixes.

teli
Network Operations, ChatNet IRC Network
Central Hub Administrator
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
"When you sit with a nice girl for two hours, it seems like two minutes.
When you sit on a hot stove for two minutes, it seems like two hours, that's
relativity." -- Albert Einstein

----- Original Message -----
From: "Blue Boar" <BlueBoar_at_thievco.com>
To: "Krish Ahya" <Krish_at_houston.rr.com>
Cc: <vuln-dev_at_securityfocus.com>
Sent: Sunday, February 03, 2002 4:07 PM
Subject: Re: mIRC Buffer Overflow

> Krish Ahya wrote:
> >
> > Why would you release an exploit for this hole if currently there are no
> > security patches for it? Do you know how many people run mIRC? Most of
which
> > know nothing about even how they got online! My prediction is that
several
> > machines are going to get compromised due to this.
>
> Did you read the page he referenced, where he indicates that he
> contacted the vendor in October, and they declined to make any changes?
> http://www.uuuppz.com/research/adv-001-mirc.htm
>
> BB
>
Received on Feb 03 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos