vendor:
ViRC
by:
Krystian Kloskowski (h07) <h07@interia.pl>
N/A
CVSS
HIGH
Remote SEH Overwrite
CWE
Product Name: ViRC
Affected Version From: ViRC 2.0
Affected Version To: ViRC 2.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows 2000 SP4 Polish
ViRC 2.0 ‘JOIN Response’ 0day Remote SEH Overwrite PoC Exploit
This is a proof-of-concept exploit for the ViRC 2.0 'JOIN Response' vulnerability. The exploit takes advantage of a buffer overflow in the JOIN response message to overwrite the Structured Exception Handler (SEH) record and gain control of the program flow. The exploit includes a shellcode that executes the Windows command 'calc.exe'. The exploit works by sending a specially crafted JOIN response message to the ViRC client, which then passes the message to the IRC server. The exploit_tunnel is used to intercept and modify the message before it reaches the IRC server. The exploit has been tested on Visual IRC 2.0 with Windows 2000 SP4 Polish.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a patched version of the ViRC client that addresses the buffer overflow issue.