– IRC News

All about Internet Relay Chat

mIRC Local DCC Issue: Exploit, Vulnerability or Neither?

mIRC has seen issues with DCC exploits in the past. In December of last year another possible exploit/vulnerability has been announced on SecurityFocus IRC-Junkie initially decided not to post about since its significance was so minor. However, this issue seems to ruffle up feathers across several forums now.

The issue is described as a local mIRC buffer overflow initiated over DCC. “The code executed are with current user privileges,anyway this bug could be dangerous in universities, cyber coffees, schools and any location with restrictions. Adding/editing filters to locate the specified folder for the files”, the announcement on SecurityFocus reads.

A few days ago this thread popped up on mIRC’s forum. Khaled, coder of mIRC, edited the first post contain a URL to the C code with proof of concept with the text:

“As far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC. The author of the report seems to have over-complicated his report by saying that any malicious software on your computer can modify your mIRC settings to cause mIRC to crash. But if you have malicious software on your computer, you’ve already compromised your security…”

Crowdat Kurobudetsu, the original author of the report at SecurityFocus, has emailed Khaled the 29th of November last year but got no reply. He eventually posted the report on the 20th of December 2005.

mIRC versions vulnerable to this local issue include the latest version 6.16. Although the severity of this issue seems minimal, the general consensus seems to be a desire for this bug to be fixed.

edit: A reliable source that wishes to remain anonymous told IRC-Junkie that currently a new version (version numbered 6.17) is being tested that might fix this issue.

Category: Hack, IRC, mIRC, Software
Tag: , , ,

Your email address will not be published. Required fields are marked *