|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] mIRC IRC URI Handler Buffer Overflow Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Tue Oct 14 2003 - 04:47:44 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
mIRC IRC URI Handler Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA9996
VERIFY ADVISORY:
http://www.secunia.com/advisories/9996/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
mIRC 6.x
DESCRIPTION:
A vulnerability has been reported in mIRC, which can be exploited by
malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when a browser
passes input to mIRC via the "irc:" URI handler. This can be
exploited by supplying an overly long, specially crafted hostname,
which causes a buffer overflow.
Example:
irc://[AAAA...[x998]...AAAA
Succesful exploitation allows execution of arbitrary code on the
user's system.
The vulnerability may be related to:
SA9906
SOLUTION:
Update to version 6.12:
http://www.mirc.com/get.html
REPORTED BY / CREDITS:
Phuong Nguyen
OTHER REFERENCES:
SA9906:
http://www.secunia.com/advisories/9906/
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]