Re: recent mIRC vulnerability

From: Jeroen Latour (jlatourat_private)
Date: Mon Apr 23 2001 - 17:02:43 PDT

    At 07:22 23-4-2001, you wrote:
    >The existence of "remote control" possibilities in mIRC worries me.
    >Does anyone have the specs on the things that can be done?
    >I'm not asking for exploits to do damage, just doing
    >/say I'm in trouble!
    >would be quite adequate.  Can anyone help me out?
    >
    >(seriously, I'm not looking for 0-day.  no code is being asked for)
    
    Apart from the possibility of a vulnerability existing in mIRC, mIRC still
    supports scripts, and a lot of 3rd-party scripts are available. A script has
    the possibility to react to certain events and almost completely control
    mIRC. This combined provides many "remote control" possibilities.
    
    The scripts are however visible to the user and they could be audited by
    the user (although remote control possibilities might be obfuscated, and
    knowledge of mIRC scripting might be required to detect them).
    
    All in all, it's probably wisest to only use scripts from a trusted
    source/author.
    
    Hope this helps,
    
    Jeroen Latour
    


