mIRC PRIVMSG hostname buffer overflow

2008-03-13T00:00:00
ID SAINT:499951A6658B669A354C94BCA5B195CD
Type saint
Reporter SAINT Corporation
Modified 2008-03-13T00:00:00

Description

Added: 03/13/2008
CVE: CVE-2008-4449
BID: 31552
OSVDB: 48752

Background

mIRC is an Internet Relay Chat (IRC) client.

Problem

A buffer overflow in mIRC allows command execution when a user connects to a malicious IRC server which sends a PRIVMSG message with a long, specially crafted hostname.

Resolution

Upgrade to mIRC 6.35 or higher.

References

<http://secunia.com/advisories/32102/>

Limitations

Exploit works on mIRC 6.34 and requires a user to connect to the exploit server using mIRC.

Platforms

Windows 2000
Windows XP