----- Original Message ----- From: "eSDee" <witkuifkakkatoeat_private> To: <vuln-devat_private> Sent: Tuesday, February 05, 2002 12:40 PM Subject: Re: mIRC Buffer Overflow > well, i published the 001 bug a long time ago on the > bugreport forum of mirc. I thought first that it was not > exploitble. > > http://trout.snt.utwente.nl:82/showflat.pl? > Cat=&Board=bugreports&Number=34363&page=26& > view=collapsed&sb=5&o=186&fpart= > > posted on 02/11/01, since then about 92 views, but > no reply. And you were accredited accordingly in James' advisory.. > The bug is fixed in mirc 6.0, so i don't know why > everybody is talking about "no patch". I assume the lack of patch refers to the less serious of the two bugs, irc:// handling, as the vendor considered that to be an issue with IE/OE. Though don't quote me on that, it may too have been fixed in version 6. - Hyb - http://deviate.cx/
This archive was generated by hypermail 2b30 : Tue Feb 05 2002 - 12:28:23 PST