Reported October 13, 2003 by Phuong Nguyen.

VERSIONS AFFECTED

mIRC 6.1 and earlier

DESCRIPTION

A vulnerability in mIRC can result in the execution of arbitrary code on the vulnerable system. When mIRC is installed, it registers its own handler for URLs of type "irc". By supplying an overly long string in an "irc" URL, such as irc://[buffer] (where buffer is greater than 998 bytes), an attacker can overwrite the saved instruction pointer and control the program's execution.
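A defensive check for the condition described above, as an added example that is not part of the original advisory: it scans HTML or log text for irc:// URIs and flags any whose buffer exceeds 998 bytes. The function name, the sample input and the choice to measure both the raw and the percent-decoded length are assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# Threshold from the advisory: a buffer greater than 998 bytes after "irc://".
MAX_IRC_BUFFER = 998

# irc:// URIs in HTML or plain text; stop at whitespace, quotes or angle brackets.
IRC_URI = re.compile(r"irc://([^\s\"'<>]*)", re.IGNORECASE)


def find_overlong_irc_uris(text, limit=MAX_IRC_BUFFER):
    """Return one record per irc:// URI whose buffer exceeds `limit` bytes."""
    hits = []
    for match in IRC_URI.finditer(text):
        raw = match.group(1)
        raw_len = len(raw.encode("utf-8", "replace"))
        # Percent-encoding inflates the raw form; measure the decoded form too.
        decoded_len = len(unquote_to_bytes(raw))
        # Assumption: the advisory does not say which form reaches the handler,
        # so flag when either length is over the limit.
        if max(raw_len, decoded_len) > limit:
            hits.append({"offset": match.start(),
                         "raw_len": raw_len,
                         "decoded_len": decoded_len})
    return hits


# Constructed sample input (not from the advisory): one ordinary link, one at
# exactly the limit, one a byte over, and one percent-encoded.
SAMPLE_PAGE = (
    '<a href="irc://irc.example.net/help">join</a>\n'
    '<a href="irc://' + "A" * 998 + '">at limit</a>\n'
    '<a href="irc://' + "A" * 999 + '">over limit</a>\n'
    '<iframe src="IRC://' + "%41" * 400 + '"></iframe>\n'
)

if __name__ == "__main__":
    for hit in find_overlong_irc_uris(SAMPLE_PAGE):
        print(hit)
```

The same function can be run over proxy logs or mail bodies on hosts that still have mIRC 6.1 or earlier installed.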

VENDOR RESPONSE

mIRC (http://www.mirc.com/) has released version 6.12 (http://www.mirc.com/get.html) to address this vulnerability.

CREDIT

Discovered by Phuong Nguyen.