



mIRC "PRIVMSG" Processing Buffer Overflow Vulnerability

Report ID: SA32102
Source: Secunia
Date of Discovery: 03.10.2008
Criticality: Moderate
Affects: mIRC 6.x
Compromise From: Remote
Compromise Type: System access

Summary

A vulnerability has been discovered in mIRC, which can be exploited by malicious people to compromise a user's system.

Detailed Description

A vulnerability has been discovered in mIRC, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error in the processing of "PRIVMSG" IRC messages. This can be exploited to cause a stack-based buffer overflow by tricking a user into connecting to a malicious IRC server.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 6.34. Other versions may also be affected.

Solution

Do not connect to untrusted IRC servers.

Do not follow untrusted links or browse untrusted websites.