DESCRIPTION

"mIRC attempts to provide a user-friendly interface for use with the Internet Relay Chat network. The IRC network is a virtual meeting place where people from all over the world can meet and talk".

More information at http://www.mirc.com.

SUMMARY

PRODUCT: mIRC
VENDOR: mIRC
AFFECTED VERSIONS: mIRC <6.1
SEVERITY:
IDENTIFIER: N/A
TESTED PLATFORM: Windows 2000

An attacker can take advantage of a remote buffer overflow vulnerability that exists in the current version of mIRC to potentially have malicious code executed in the remote user's context.

IMPACT

Execute Arbitrary Code.

DETAILS

When mIRC is installed, it registers its own handler for URLs of the type "irc".

Calling "irc://irc.hackme.com" from the web browser causes mirc.exe to be executed, ready to connect to the irc.hackme.com server. By supplying an overly long string to the "irc" protocol handler, an attacker is able to overwrite the saved instruction pointer and thus control the program's execution. For instance:

irc://[buffer]...... where buffer is >998 bytes

Exploiting this type of vulnerability doesn't require a lot of user intervention. The attacker just needs to entice the mIRC users to click and load his crafted URL. Successful exploitation of this vulnerability allows the attacker to have his malicious code executed under the current user's privilege.
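A filter for mail gateways, web proxies or log review that flags the pattern described above, as an added example that is not part of the original advisory: it reports irc:// URLs whose body exceeds the 998-byte figure given here. The function name, the set of URL terminators and the sample input are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# From the advisory: the overflow needs more than 998 bytes after "irc://".
THRESHOLD = 998

# Case-insensitive scheme; the body ends at whitespace, a quote or an angle
# bracket, which is where a link ends in HTML, mail bodies and proxy logs.
IRC_URL = re.compile(r"irc://([^\s\"'<>]*)", re.IGNORECASE)


def find_oversized_irc_urls(text, threshold=THRESHOLD):
    """Return (line_no, raw_len, decoded_len) for each oversized irc:// URL.

    The decision uses the raw byte length, which is never smaller than the
    percent-decoded length, so it errs on the side of flagging. The decoded
    length is reported to help triage.
    """
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in IRC_URL.finditer(line):
            body = match.group(1)
            raw_len = len(body.encode("utf-8", errors="replace"))
            decoded_len = len(unquote_to_bytes(body))
            if raw_len > threshold:
                hits.append((line_no, raw_len, decoded_len))
    return hits


# Constructed sample input (not taken from a real capture).
SAMPLE = "\n".join([
    '<a href="irc://irc.example.net/help">join support</a>',
    '<a href="irc://' + "A" * 1200 + '">click here</a>',
    '<a href="IRC://' + "%41" * 400 + '">mixed case, percent-encoded</a>',
    "plain text mentioning irc:// with nothing after it",
    '<a href="irc://' + "B" * 998 + '">exactly at the limit</a>',
])

if __name__ == "__main__":
    for line_no, raw_len, decoded_len in find_oversized_irc_urls(SAMPLE):
        print(f"line {line_no}: irc:// body {raw_len} bytes "
              f"({decoded_len} after percent-decoding)")
```

Whether the browser percent-decodes the string before handing it to the handler is not stated in the advisory, which is why the check is made on the raw length.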

PROOF OF CONCEPT

irc://[buffer]...... where buffer is >998 bytes

VENDOR STATUS

The mIRC author has released a newer version (6.11) which fixes the issue. The patch/fixed version is available for download at http://www.mirc.com/get.html.

CREDIT

Phuong Nguyen

DISCLOSURE TIMELINE

N/A

APPENDIX

N/A

REFERENCES

N/A