Signature Detail
Short Name |
HTTP:STC:MIRC-URI-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
mIRC IRC URI Handler Buffer Overflow |
Release Date |
2005/01/28 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: mIRC IRC URI Handler Buffer Overflow
This signature detects attempts to exploit a known vulnerability against the mIRC IRC client URI handler plugin. Attackers can supply a malicious crafted hostname, which can cause a buffer overflow and allow them to execute arbitrary code on the client.
Extended Description
When mIRC is installed it registers a handler for a 'irc://' type of URL. Through these means, mIRC is invoked when an 'IRC URL' is followed. mIRC has been reported prone to a buffer overflow vulnerability when handling malicious 'IRC URLs'. The issue likely presents itself due to a lack of sufficient boundary checks performed when IRC URL data is being copied into an insufficient buffer in memory. Ultimately a remote attacker may exploit this condition to execute arbitrary instructions in the context of the user running the affected client.
Affected Products
- Khaled Mardam-Bey mIRC 6.1.0
References
- BugTraq: 8819
- URL: http://www.mirc.com/index.html