Reported October 13, 2003 by Phuong Nguyen.
mIRC 6.1 and earlier
A vulnerability in mIRC can result in the execution of arbitrary code on the vulnerable system. When you install mIRC, the software registers its own handler for URLs of type "irc". By inputting an overly long string to the "irc" protocol, such as irc://\[buffer\] (where buffer is greater than 998 bytes), an attacker can overwrite the saved instruction pointer and control the program's execution.
<span style="font-family:Verdana"> </h3>
<span style="font-family:Verdana"><a href="http://www.mirc.com/" style="color: blue; text-decoration: underline; text-underline: single">mIRC</a> has released <a href="http://www.mirc.com/get.html" style="color: blue; text-decoration: underline; text-underline: single">version 6.12</a> to address this vulnerability.</h3>
Discovered by Phuong Nguyen.