mIRC bug.
Results 1 to 4 of 4

Thread: mIRC bug.

  1. #1
    Member
    Join Date
    Nov 2001
    Posts
    54

    Exclamation mIRC bug.

    A serious bug can do execute a malicious code from a cracker.

    Bug was discovered and announced Sunday 3 Feb, when K. Mardam-Bey has released new version of mIRC (6.0).

    Bug is a buffer overflow, which determine nick assignment when an user try to connect at IRC server. It's possible send a nickname more large of 200 characters and force to connect it to an aggressive IRC server.
    Cracker can also use a HTML code (web pages or e-mail) to force launch mIRC and connect it at a determined IP address.

    All mIRC's version antecedent 6.0 are vulnerable.

    In this moment aren't patch.

    For details http://www.punto-informatico.it/p.asp?i=38934 (italian language).
    What is essential is invisible
    to the eye ...
    ]֧|-|
    Share on Google+

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    157
    I first found out about the problem from http://www.incidents.org

    Title: MIRC Chat Users Vulnerable To New Attack
    There is a security vulnerability in the mIRC online chat program, versions 5.91
    and earlier, that could allow a cyber attacker to remotely run malicious
    programs on the computers running the software. An exploit was published
    detailing the means to exploit the buffer over-flow flaw. The individual who
    discovered the flaw alerted the company that developed the program, and waited
    to publish the exploit until mIRC version 6 was released February 3, 2002.
    http://www.newsbytes.com/news/02/174185.html
    Perhaps it'd be a good idea to put in the MOTD on irc.antionline.com .....
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
    Noah built the ark BEFORE it rained.


    http://ld.net/?rn
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
    Share on Google+

  3. #3
    hmmm sounds like fun I should try it.

    muwhahahaha!
    Share on Google+

  4. #4
    Member
    Join Date
    Nov 2001
    Posts
    54

    Talking Additional info

    I'm found complete informations at this url:
    http://www.uuuppz.com/research/adv-001-mirc.htm

    Here there is an exploit for ver. 5.91:
    http://www.uuuppz.com/research/mircexploit-v591.c

    Have funny.
    What is essential is invisible
    to the eye ...
    ]֧|-|
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •