[NT] mIRC Unspecified DCC Request Vulnerability
From: SecuriTeam (support_at_securiteam.com)
Date: 10/14/03
- Previous message: SecuriTeam: "[EXPL] ProFTPD ASCII File Remote Root Exploit (Breaks Chroot)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 14 Oct 2003 09:36:24 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
mIRC Unspecified DCC Request Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://www.mirc.com/> mIRC "attempts to provide a user-friendly
interface for use with the Internet Relay Chat network. The IRC network is
a virtual meeting place where people from all over the world can meet and
talk".
A vulnerability in the DCC done by mIRC allows remote attackers to crash
the client.
DETAILS
Vulnerable systems:
* mIRC version 6.11 and prior
Immune systems:
* mIRC version 6.12
Solution:
A new version is available at mIRC's web site:
<http://www.mirc.co.uk/get.html> http://www.mirc.co.uk/get.html.
Workaround:
Use the /ignore -wd * directive.
For additional information see:
<http://www.irchelp.org/irchelp/mirc/exploit.html>
http://www.irchelp.org/irchelp/mirc/exploit.html.
ADDITIONAL INFORMATION
The information has been provided by <mailto:expert@securiteam.com>
SecurITeam Experts.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[EXPL] ProFTPD ASCII File Remote Root Exploit (Breaks Chroot)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [NT] mIRC USERHOST Buffer Overflow
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... A security vulnerability in mIRC,
a popular IRC client for Windows, allows ... When requesting a user's host information,
mIRC assumes that the host is ... an overflow will occur in mIRC. ... (Securiteam) - [UNIX] My_eGallery Code Injection
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... parameter to My_eGallery
so it actually includes malicious PHP code. ... In no event shall we be liable for any
damages whatsoever including direct, indirect, incidental, consequential, loss of business profits
or special damages. ... (Securiteam) - [EXPL] mIRC "IRC" Protocol Remote Buffer Overflow (Exploit)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... a vulnerability in mIRC
allows remote attackers ... replacing the shellcode with your own is also ... (Securiteam) - [UNIX] Cross-Site Scripting CuteNews (show_archives, show_news)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... CuteNews is "a powerful
and easy ... In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special damages. ... (Securiteam) - [NT] mIRC Font Buffer Overflow (Exploit)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... " <http://mirc.com/>
mIRC is a friendly IRC client that is well equipped ... A local buffer overflow with the /font
command in mIRC was found. ... char strClass; ... (Securiteam)
