If this has already been announced, well, screw me. Problem: The IRC (Internet Relay Chat) Client, pIRCh automatically assigns your main pirch directory to where DCC downloads are sent. Exploit: You can replace someone's script file with a malicious one, therefore recieving control over an ignorant irc tenant. This can be done by sending a replacement file via DCC to the user. Most people could tell the user that it was something cool, and they would accept it. Fix: Simply goto Tools.. then Preferences. Flip to the DCC tab and change your default DCC recieve directory to something that is not the main pIRCh directory. Tested On: pIRCh32 0.92 If there's a new version out that fixes it, well crap, I'm sorry for taking up your time. Cheers, REwT <rewtat_private> PaKT-TeCH Sekurity | REwT Technologies
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:09 PDT