KVIrc 3.4.0 irc:// URI handler format string vulnerability – reloaded

No, not only mIRC has bugs ;)

For the second time, after a similar vulnerability in 2007, the irc:// URI-handler of KVIrc 3.4.0 is vulnerable to exploitation.

Successful exploitation requires tricking the user into following a maliciously crafted irc:// link. “Failed exploit attempts may cause denial-of-service conditions” at the least, and a successful attempt might even enable the attacker “to execute arbitrary code with the privileges of the user running the affected application”, which we all know is Administrator for 95% of all Windows machines.

However, this post on the KVIrc mailing list claims the bug is invalid and KVIrc 3.4.x is not affected, but after a short test I can at least confirm that there indeed is an issue that causes a DoS, because KVIrc crashes after opening the malformed link.

The usual suggestion to upgrade to the latest version to avoid the vulnerability is superfluous, at least for the Windows version of KVIrc, as 3.4.0 is the latest “stable” release that can be obtained from the website.

Update 11/7/08: There is now an update to version 3.4.2 available for download.


One Response to “KVIrc 3.4.0 irc:// URI handler format string vulnerability – reloaded”

  1. KVIrc 3.4.2 URI handler in combination with IE exploitable | IRC-Junkie.org Says:

    [...] Not even a month ago, it was KVIrc 3.4.0 in its Windows release which has been vulnerable to what has been at least a DoS/crash. As of yesterday, there have been new exploits posted on the usual sites around the internet – but this time it is not the fault of KVIrc’s URI handler, because the bug is only exploitable if the malicious link is opened with Microsoft’s Internet Explorer and is possible because of its unique way to handle double quotes (”) in links. [...]
