Is this worthwhile? I will be taking a poll on the people getting back to me.
Someone please email [EMAIL PROTECTED], he's so lonely.
--
kokaninATdtors
I. BACKGROUND
mIRC is "a friendly IRC client that is well equipped with options and
tools"
More information about the application is available at
http://www.mirc.com
II. DESCRIPTION
The DCC server built into mIRC listens on port 59 when enabled, and it is
insecure by design: the nick a connecting peer claims is accepted without any
authentication.
III. ANALYSIS
Connecting to the target on port 59, for example with netcat, and typing
"100 nick-to-spoof" will show a DCC chat request in the target's client,
appearing to originate from nick-to-spoof.
This is dangerous where trust relationships exist between a vulnerable user
and a user on a multi-user system (a shell provider, vhost supplier or the
like): anyone who can reach port 59, including any other user of that shared
system, can forge a chat request from a trusted nick, because the handshake
carries no proof of who sent it.
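The exchange described above, as an added example that is not part of the original advisory or of mIRC. The client side follows the advisory (connect, send "100 nick"). The listener is a stand-in written for this example to model the behaviour the advisory describes, namely that the claimed nick is taken at face value; the address-pinning check in check_peer is an assumed hardening for illustration, not a documented mIRC feature.

```python
"""Spoofed DCC-server chat request against a stand-in listener.

The listener is NOT mIRC's code: it only models the behaviour the
advisory describes (nick in the handshake trusted as-is). `check_peer`
is an assumed hardening, not a real mIRC option.
"""
import socket
import threading

DCC_SERVER_PORT = 59  # the port mIRC's DCC server listens on, per the advisory


def dcc_chat_request(nick: str) -> bytes:
    """The handshake line the advisory describes: '100 <nick>'."""
    if not nick or any(c.isspace() for c in nick):
        raise ValueError("nick must be a single non-empty token")
    return f"100 {nick}\n".encode("ascii")


def parse_request(line: bytes):
    """Split '100 nick' into (command, nick); anything else is rejected."""
    parts = line.decode("ascii", "replace").strip().split(" ", 1)
    if len(parts) != 2 or parts[0] != "100":
        return None
    return parts[0], parts[1]


def check_peer(nick: str, peer_ip: str, known_ips) -> bool:
    """Assumed hardening: accept a nick only from the address it is bound
    to. With no binding table (the advisory's case) the nick is trusted."""
    if known_ips is None:
        return True
    return known_ips.get(nick) == peer_ip


def serve_once(sock: socket.socket, known_ips, result: dict) -> None:
    """Accept one connection and record what the user would be shown."""
    conn, (peer_ip, _) = sock.accept()
    conn.settimeout(5)
    with conn:
        req = parse_request(conn.recv(512))
        if req is None:
            result["status"] = "rejected: malformed"
            return
        _, nick = req
        result["nick"], result["peer_ip"] = nick, peer_ip
        if check_peer(nick, peer_ip, known_ips):
            result["status"] = f"chat request from {nick}"
        else:
            result["status"] = f"rejected: {nick} not bound to {peer_ip}"


def run_spoof(nick_to_spoof: str, known_ips=None) -> dict:
    """Drive one spoof attempt against the stand-in listener on localhost.
    An OS-chosen port is used instead of 59 so this runs unprivileged."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    srv.settimeout(5)
    result = {}
    t = threading.Thread(target=serve_once, args=(srv, known_ips, result))
    t.start()
    port = srv.getsockname()[1]
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        c.sendall(dcc_chat_request(nick_to_spoof))
    t.join(5)
    srv.close()
    return result


if __name__ == "__main__":
    # Unauthenticated listener: shown as a chat request from the spoofed nick.
    print(run_spoof("trusted-admin"))
    # Listener that pins nicks to addresses: the same request is refused.
    print(run_spoof("trusted-admin", known_ips={"trusted-admin": "10.0.0.7"}))
```

Against a real target the client half is the one-liner from the advisory, a netcat connection to port 59 carrying the "100 nick" line; the point of the stand-in is that nothing in that line lets the receiver distinguish it from a genuine request.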
IV. DETECTION
mIRC 6.03 and below (the versions that include the DCC server) are
found to be vulnerable.
V. WORKAROUND
unknown
VI. VENDOR FIX
unknown
VII. CVE INFORMATION
unknown
VIII. DISCLOSURE TIMELINE
unknown
IX. CREDIT
Knud Erik Højgaard/kokaninATdtors.net
I. BACKGROUND
mIRC is "a friendly IRC client that is well equipped with options and
tools"
More information about the application is available at
http://www.mirc.com
II. DESCRIPTION
The 'URL handler' lets a user double-click a URL posted in a channel
or in a query, which is then opened in the default browser.
The 'URL handler' fails to filter or ignore colour codes in links, making
'URL spoofing' possible: what the user sees in the channel and what the
browser is handed differ.
III. ANALYSIS
Messaging a user something like "Oh my god Saddam just blew up Israel, look
for yourself on [EMAIL PROTECTED]/ref.php?refid=spam-user" (the archive has
replaced the user@host part of the link with [EMAIL PROTECTED]) leads the
target to believe they are visiting cnn.com, while they are in fact accessing
www.paysite.com and giving clicks/cash/whatever to the 'attacker'. Note that
colour 0 is white, which is the default background colour in mIRC, so text
coloured white on white is invisible in the channel but is still passed to the
browser as part of the URL.
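The hiding trick and the check a URL handler could make before opening a link, as an added example that is not part of the original advisory or of mIRC. The sample message is constructed for this example: the advisory's own link survives only with its user@host part replaced by [EMAIL PROTECTED], so using a white-on-white colour code (\x030,0) to hide an "@real-host" portion is an assumption about how that link was built, consistent with the advisory's remark about colour 0.

```python
"""mIRC colour codes hiding part of a URL, and an audit of the link.

The sample message is constructed for this example. The assumption that
the advisory's link hid "@www.paysite.com" behind a white-on-white colour
code is exactly that, an assumption.
"""
import re
from urllib.parse import urlsplit

# mIRC formatting controls: ^C colour with optional "fg[,bg]" (1-2 digits
# each), plus the single-byte bold/underline/reverse/reset toggles.
COLOUR_RE = re.compile(r"\x03(?:(\d{1,2})(?:,(\d{1,2}))?)?")
OTHER_CTRL_RE = re.compile(r"[\x02\x1f\x16\x0f]")
URL_RE = re.compile(r"https?://\S+")
DEFAULT_BG = 0  # white, mIRC's default background per the advisory

SPOOFED_MSG = (  # constructed sample, not from the page
    "Oh my god Saddam just blew up Israel look for yourself on "
    "http://www.cnn.com\x030,0@www.paysite.com/ref.php?refid=spam-user"
)


def strip_formatting(text: str) -> str:
    """What the client hands to the browser: all controls removed."""
    return OTHER_CTRL_RE.sub("", COLOUR_RE.sub("", text))


def visible_text(text: str, background: int = DEFAULT_BG) -> str:
    """What the user sees: runs whose foreground equals the background
    are dropped, since they render invisibly on the default window."""
    out, fg, pos = [], None, 0  # fg None = default foreground (visible)
    for m in COLOUR_RE.finditer(text):
        if fg is None or fg != background:
            out.append(text[pos:m.start()])
        fg_s, bg_s = m.group(1), m.group(2)
        if fg_s is None:
            fg = None  # a bare ^C resets colours
        else:
            fg = int(fg_s)
            if bg_s is not None:
                background = int(bg_s)
        pos = m.end()
    if fg is None or fg != background:
        out.append(text[pos:])
    return OTHER_CTRL_RE.sub("", "".join(out))


def extract_urls(text: str) -> list:
    """URLs as the handler would pick them out of a message (controls
    are not whitespace, so they stay inside the token)."""
    return URL_RE.findall(text)


def audit_link(raw_url: str) -> dict:
    """The check a URL handler should make before opening a link: compare
    the host the user sees with the host the browser will contact, and
    flag userinfo ('user@') in the authority, the trick used here."""
    actual = strip_formatting(raw_url)
    seen = visible_text(raw_url)
    parts = urlsplit(actual)
    has_userinfo = "@" in parts.netloc
    return {
        "visible": seen,
        "actual": actual,
        "actual_host": parts.hostname,
        "has_userinfo": has_userinfo,
        "hidden_chars": actual != seen,
        "spoofed": actual != seen or has_userinfo,
    }


def url_to_open(raw_url: str):
    """Hardened handler decision: the stripped URL, or None if it is
    spoofed and should be shown to the user instead of opened."""
    report = audit_link(raw_url)
    return None if report["spoofed"] else report["actual"]


if __name__ == "__main__":
    for u in extract_urls(SPOOFED_MSG):
        print(audit_link(u))
        print("open:", url_to_open(u))
```

A link that merely uses colour for emphasis (for example "\x034http://www.cnn.com/") passes this audit, because every character the browser receives was also visible; only hidden characters or a userinfo component trip it.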
IV. DETECTION
mIRC 6.03 and below (the versions that support colour codes and URL
handling) are found to be vulnerable.
V. WORKAROUND
unknown
VI. VENDOR FIX
unknown
VII. CVE INFORMATION
unknown
VIII. DISCLOSURE TIMELINE
unknown
IX. CREDIT
Knud Erik Højgaard/kokaninATdtors.net