Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.6
CVE Id CVE-2006-0489
Last Modified 05 Sep 2008 04:59:25
Published 31 Jan 2006 09:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0489

Summary

** DISPUTED ** Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that the issue has been disputed by the vendor, and that the vendor stated "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk.

Vulnerable Systems

Application

  • Khaled Mardam-Bey mIRC 6.16


References

BUGTRAQ - 20060124 Buffer Overflow /Font on mIRC

BUGTRAQ - 20060201 Re: Buffer Overflow /Font on mIRC

MISC - http://www.securiteam.com/windowsntfocus/5IP080AHPQ.html

OSVDB - 22942

MISC - http://trout.snt.utwente.nl/ubbthreads/showflat.php?Cat=0&Board=bugreports&Number=118751

SREASON - 383


Last Updated: 27 May 2016 10:41:40