[24113] in bugtraq
Re: Buffer overflow in mIRC allowing arbitary code to be executed.
daemon@ATHENA.MIT.EDU (Kevin Day)
Tue Feb 5 11:41:12 2002
From: Kevin Day <toasty@temphost.dragondata.com>
Message-Id: <200202050118.g151IOu11376@temphost.dragondata.com>
To: me@uuuppz.com (James Martin)
Date: Mon, 4 Feb 2002 19:18:23 -0600 (CST)
Cc: bugtraq@securityfocus.com
In-Reply-To: <no.id> from "James Martin" at Feb 03, 2002 12:11:01 AM
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
>
> General Info
> ------------
> Researched by: James Martin
> Full advisory: http://www.uuuppz.com/research/adv-001-mirc.htm
> Exploit: Proof of concept code available at above URL.
>
> Product: mIRC
> Website: http://www.mirc.com
> Version: 5.91 and all prior versions (to be best of my knowledge).
> Fix: A patch will be available soon from offical mIRC sites.
> Please do not download from unofficial sites, as you may download
> a trojaned version.
>
> Type: Buffer Overrun
> Risk: High
>
mIRC 6.0 was released on Sunday, which corrects this issue.
-- Kevin Day
