[NT] mIRC Unspecified DCC Request Vulnerability

From: SecuriTeam (support_at_securiteam.com)
Date: 10/14/03

  • Next message: SecuriTeam: "[EXPL] mIRC Unspecified DCC Request Vulnerability (Exploit)" 
    To: list@securiteam.com
Date: 14 Oct 2003 09:36:24 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      mIRC Unspecified DCC Request Vulnerability
    ------------------------------------------------------------------------

    SUMMARY

     <http://www.mirc.com/> mIRC "attempts to provide a user-friendly
    interface for use with the Internet Relay Chat network. The IRC network is
    a virtual meeting place where people from all over the world can meet and
    talk".

    A vulnerability in the DCC done by mIRC allows remote attackers to crash
    the client.

    DETAILS

    Vulnerable systems:
     * mIRC version 6.11 and prior

    Immune systems:
     * mIRC version 6.12

    Solution:
    A new version is available at mIRC's web site:
    <http://www.mirc.co.uk/get.html> http://www.mirc.co.uk/get.html.

    Workaround:
    Use the /ignore -wd * directive.

    For additional information see:
    <http://www.irchelp.org/irchelp/mirc/exploit.html>
    http://www.irchelp.org/irchelp/mirc/exploit.html.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:expert@securiteam.com>
    SecurITeam Experts.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[EXPL] mIRC Unspecified DCC Request Vulnerability (Exploit)"

    Relevant Pages

    • [NT] mIRC USERHOST Buffer Overflow
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A security vulnerability in mIRC, a popular IRC client for Windows, allows ... When requesting a user's host information, mIRC assumes that the host is ... an overflow will occur in mIRC. ...
      (Securiteam)
    • [UNIX] My_eGallery Code Injection
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... parameter to My_eGallery so it actually includes malicious PHP code. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [EXPL] mIRC "IRC" Protocol Remote Buffer Overflow (Exploit)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... a vulnerability in mIRC allows remote attackers ... replacing the shellcode with your own is also ...
      (Securiteam)
    • [UNIX] Cross-Site Scripting CuteNews (show_archives, show_news)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... CuteNews is "a powerful and easy ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [NT] mIRC Font Buffer Overflow (Exploit)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... " <http://mirc.com/> mIRC is a friendly IRC client that is well equipped ... A local buffer overflow with the /font command in mIRC was found. ... char strClass; ...
      (Securiteam)