Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » mIRC $asctime overflow

mIRC $asctime overflow

by Nikola Strahija on August 27th, 2002 mIRC provides scripting capabilities to allow extension of the client. A flaw exists in the $asctime identifier, which is used to format Unix style time stamps. Passing a string of sufficient length to $asctime will cause a buffer overflow on the stack. This allows the execution of byte code through calling $asctime with a carefully constructed string.


The default script included with mIRC does not call $asctime at any
point. However the majority of major scripts available for download
call $asctime to decode data provided by the irc server. Many scripts
call $asctime on data provided from other remote sources. The
exploitation of this flaw therefore depends on the script installed
by the victim.

Researched by: James Martin
Full advisory: http://www.uuuppz.com/research/adv-002-mirc.htm
Exploit: Proof of concept code available at above URL.

Product: mIRC
Website: http://www.mirc.com
Version: V6.00, V6.01, V6.02.
Fix: Download mIRC 6.03 from http://www.mirc.com
Please do not download from unofficial sites, as you may
download
a trojaned version.
Type: Buffer Overrun
Risk: Low to High


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »