Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: mIRC Buffer Overflow

Re: mIRC Buffer Overflow

From: Hybrid <seclist.localhost_at_ntlworld.com>
Date: Tue, 5 Feb 2002 18:13:02 -0000

----- Original Message -----
From: "eSDee" <witkuifkakkatoe_at_hotmail.com>
To: <vuln-dev_at_securityfocus.com>
Sent: Tuesday, February 05, 2002 12:40 PM
Subject: Re: mIRC Buffer Overflow

> well, i published the 001 bug a long time ago on the
> bugreport forum of mirc. I thought first that it was not
> exploitble.
>
> http://trout.snt.utwente.nl:82/showflat.pl?
> Cat=&Board=bugreports&Number=34363&page=26&
> view=collapsed&sb=5&o=186&fpart=
>
> posted on 02/11/01, since then about 92 views, but
> no reply.

And you were accredited accordingly in James' advisory..

> The bug is fixed in mirc 6.0, so i don't know why
> everybody is talking about "no patch".

I assume the lack of patch refers to the less serious of the two bugs,
irc:// handling, as the vendor considered that to be an issue with IE/OE.
Though don't quote me on that, it may too have been fixed in version 6.

- Hyb
- http://deviate.cx/
Received on Feb 05 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos