mIRC PRIVMSG hostname buffer overflow

Added: 03/13/2008
CVE: CVE-2008-4449
BID: 31552
OSVDB: 48752

Background

mIRC is an Internet Relay Chat (IRC) client.

Problem

A buffer overflow in mIRC allows command execution when a user connects to a malicious IRC server which sends a PRIVMSG message with a long, specially crafted hostname.

Resolution

Upgrade to mIRC 6.35 or higher.

References

http://secunia.com/advisories/32102/

Limitations

Exploit works on mIRC 6.34 and requires a user to connect to the exploit server using mIRC.

Platforms

Windows 2000
Windows XP

Back to exploit index