ISS X-Force Database: mirc-ircprotocol-execute-code(13405): mIRC long string supplied to IRC protocol could allow execution of code

mIRC long string supplied to IRC protocol could allow execution of code

mirc-ircprotocol-execute-code (13405)

High Risk

Description:

mIRC is vulnerable to a buffer overflow. Installation of mIRC causes mIRC to register its own software routine for "irc" type URLs. By creating a specially-crafted URL with a long string in the "irc" protocol, a remote attacker can overflow a buffer and execute arbitrary code on the system with privileges of the user, once the link is clicked.

Platforms Affected:

mIRC, mIRC 6.1 and prior

Remedy:

Upgrade to the latest version of mIRC (6.12 or later), available from the mIRC Home page. See References.

Consequences:

Gain Access

References:

mIRC Home page, mIRC - An Internet Relay Chat program at http://www.mirc.com/index.html.
NTBugTraq Mailing List, Wed Oct 15 2003 - 03:36:40 CDT, mIRC Buffer Overflow in irc protocol handler at http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0060.html.
SecuriTeam Mailing List, Windows NT focus 13 Oct 2003, mIRC Buffer Overflow (irc:// Links) at http://www.securiteam.com/windowsntfocus/6M00B0U8KE.html.
BID-8819: mIRC IRC URL Buffer Overflow Vulnerability
BID-8880: mIRC DCC SEND Variant Buffer Overflow Vulnerability
CVE-2003-1336: Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.
CVE-2003-1508: Buffer overflow in mIRC 6.12, when the DCC get dialog window has been minimized and the user opens the minimized window, allows remote attackers to cause a denial of service (crash) via a long filename.
OSVDB ID: 2665: mIRC IRC URI Handler Overflow
SA9996: mIRC IRC URI Handler Buffer Overflow Vulnerability

Reported:

Oct 11, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page