IRC-Junkie.org – IRC News

In the most recent newspost on the KVIrc website developer HelLViS69 writes that certain features of the IRC-client are broken on Ubuntu Karmic Koala.

He writes that “all popups are missing, and many actions on IRC return a parser error”. After installing the supposedly broken client we’ve indeed been able to confirm this as right-clicking on nicknames in the nicklist does not produce the expected popup but fails silently.

Doing the same in the channel window results in a more noisy error:

[KVS] Runtime Error: Popup channel is not defined
[KVS]   in script context “OnChannelNickPopupRequest::default”, line 1, near character 14
Event handler OnChannelNickPopupRequest::default is broken: disabling

Not even a month ago, it was KVIrc 3.4.0 in it’s Windows release which has been vulnerable to what has been at least a DoS/crash.

As of yesterday, there have been new exploits posted on the usual sites around the internet – but this time it is not the fault of KVIrc’s URI handler, because the bug is only exploitable if the malicious link is opened with Microsoft’s Internet Explorer and is possible because of its unique way to handle double quotes (“) in links.

No, not only mIRC has bugs

For the second time, after a similar vulnerability in 2007, the irc:// URI-handler of KVIrc 3.4.0 is vulnerable to exploitation.

For successful exploitation of the security hole the user needs to be tricked to follow a maliciously crafted irc:// link – “Failed exploit attempts may cause denial-of-service conditions.” at least, or might even enable the attacker “to execute arbitrary code with the privileges of the user running the affected application.” - which we all know is Administrator for 95% of all Windows machines.

“After a long time with development snapshots only (due to lack of importance given to producing a release tagged as stable), KVIrc has just released version 3.4″, user Elephantman tipped IRC-Junkie.

“This one took a very long time but, well, finally it’s here” the KVIrc development team announced on their homepage.

Some of the changed highlighted on the announcement:

* improved themeing support

* better desktop integration

* nicer support for many different IRC servers

* a totally revised option layout

* basic support for script “addons”

* improved help subsystem