Info

Disclosure

Oct 24, 2001

Discovery

Oct 24, 2001

Dates

Exploit

Dec 15, 2001

Solution

Unknown

Description

A remote overflow exists in mIRC. It fails to validate nickname strings resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available

Solution

Upgrade to version 6.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Khaled Mardam-Bey	mIRC	2.x
		3.x
		4.x
		5.0x
		5.1x
		5.2x
		5.3x
		5.4x
		5.5x
		5.6x
		5.7x
		5.8x
		5.9
		5.91

References

CVE ID: 2002-0231 (see also: NVD)
Bugtraq ID: 4027
ISS X-Force ID: 8083
Vendor URL: http://www.mirc.com/index.html
Other Advisory URL: http://www.uuuppz.com/research/adv-001-mirc.htm
Generic Exploit URL: http://www.uuuppz.com/research/mircexploit-v591.c

Credit

James Martin - meuuuppz.com -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Khaled Mardam-Bey

mIRC

References

Credit