Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4681

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2005-4681
Last Modified 05 Sep 2008 04:57:31
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4681

Summary

** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the DCC Get Folder Dialog. NOTE: this issue has been disputed by the vendor, saying "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk.

Vulnerable Systems

Application

  • Khaled Mardam-bey Mirc 5.91

  • Khaled Mardam-bey Mirc 6.03

  • Khaled Mardam-bey Mirc 6.12

  • Khaled Mardam-bey Mirc 6.16


References

MISC - http://www.shellsec.net/leer_advisory.php?id=9

MISC - http://www.packetstormsecurity.org/0512-exploits/mIRCexploitXPSP2eng.c

OSVDB - 24116

MISC - http://trout.snt.utwente.nl/ubbthreads/showflat.php?Cat=0&Number=146129&an=0&page=0#146129

BUGTRAQ - 20051220 mIRC buffer overflow

SREASON - 285


Last Updated: 27 May 2016 10:41:24