mIRC Homepage
Posted By: StrawberryKitty Secunia Advisory - 04/06/09 08:25 AM
I searched the forum for this but couldn't find any details. Sorry if I missed them but has this issue been fixed?

mIRC "PRIVMSG" Processing Buffer Overflow Vulnerability

Thanks for any responses ^^
Posted By: argv0 Re: Secunia Advisory - 04/06/09 08:30 AM
You should check versions.txt and/or reproduce a bug before posting in this forum. This forum is for reports, not questions.

http://www.mirc.com/versions.txt
Item 1 in 6.35 shows the fix.
Posted By: StrawberryKitty Re: Secunia Advisory - 04/06/09 08:55 AM
1.Fixed nickname bug where very long nicknames (hundreds of characters in length) sent by the server would cause mIRC to crash.

Sorry for the wrong forum but doesn't the advisory I linked to say PRIVMSG not nick length?
Posted By: argv0 Re: Secunia Advisory - 04/06/09 09:46 AM
The advisory title is wrong, then. Look at the proof of concept exploit and you'll see what that advisory is describing. The exploit comes from the PRIVMSG command but the buffer overflow field is the nickname.
Posted By: Khaled Re: Secunia Advisory - 04/06/09 11:03 AM
They are indeed the same issue - the item description in versions.txt is just a little more specific about the cause :-)
Posted By: StrawberryKitty Re: Secunia Advisory - 05/06/09 09:20 AM
Thank you so much for the reply ^^
© mIRC Discussion Forums