Same here, WinXP, mIRC v6.03, no mIRC crashing..> That's not a typical mIRC response.

Are you sure you haven't an invalid hex'd mIRC such as ircN or anything? If so, mIRC cannot guarantee the robustness of your executable. If you have any strange errors, try going to a help channel like #mIRCHelp on Efnet or a channel like #dmsetup if you believe you have a virus (I moderate in both channels). If you have an invalid mIRC executable, try reinstalling mIRC and not ircN (or whatever).

cc
casnova on EFNet IRC network

-----Original Message-----
From: Davide Del Vecchio [mailto:danteat_private]
Sent: Tuesday, May 27, 2003 2:58 PM
To: at4rat_private
Cc: vuln-devat_private
Subject: Re: mirc32 6.0x crash when resolving dns.

Hi Andres,

here Windows 98 B, mIRC v6.03, nothing happens when trying to resolve that IP.

[23:57] * Looking up 210.193.16.22
-
[23:57] * Looking up 210.193.16.23
-
[23:57] * Looking up 210.193.16.24
-
[23:57] * Looking up 210.193.16.25
-
[23:57] * Unable to resolve 210.193.16.22
-
[23:57] * Looking up 210.193.16.26
-
[23:57] * Unable to resolve 210.193.16.23
-
[23:57] * Unable to resolve 210.193.16.24
-
[23:57] * Unable to resolve 210.193.16.25
-
[23:57] * Unable to resolve 210.193.16.26
-

Davide Del Vecchio, Dante Alighieri
danteat_private ~ www.alighieri.org

aT4r InsaN3 wrote:

> While checking my Snort database yesterday I found some attacks from the
> host 210.193.16.22, so I began to resolve the DNS from the hosts with
> mirc32 and I executed the following commands in the status window:
>
> /dns 210.193.16.22
> /dns 210.193.16.23
> /dns 210.193.16.24
> * Looking up 210.193.16.22
> * Looking up 210.193.16.23
> * Looking up 210.193.16.24
> * Unable to resolve 210.193.16.22
> /dns 210.193.16.25
> * Looking up 210.193.16.25
> * Unable to resolve 210.193.16.23
> (** MIRC CRASH**)
>
> Every time I tried to resolve a few IPs mirc32 dies. The problem seems to
> be in the WSAAsyncGetHostByName() call.
> I have tested this feature in both mIRC 6.01 and 6.03 on different
> computers. OS: WinXP
> I can't give too much information about how to reproduce it, just try to
> resolve some DNS like the example.
> There are some mIRC scripts that resolve DNS after some events like CTCPs,
> so maybe this bug can be used remotely as a Denial of Service.
>
> Windbg:
> 0:004> g
> ModLoad: 76ee0000 76f05000 C:\WINDOWS\System32\DNSAPI.dll
> ModLoad: 76f70000 76f77000 C:\WINDOWS\System32\winrnr.dll
> ModLoad: 76f20000 76f4d000 C:\WINDOWS\system32\WLDAP32.dll
> ModLoad: 76f80000 76f85000 C:\WINDOWS\System32\rasadhlp.dll
> (794.788): Access violation - code c0000005 (first chance)
> First chance exceptions are reported before any exception handling.
> This exception may be expected and handled.
> eax=00000000 ebx=005ea830 ecx=00000001 edx=71a42268 esi=005ea830 edi=71a42268
> eip=71a38d72 esp=01a8ff34 ebp=01a8ff5c iopl=0 nv up ei pl nz na pe nc
> cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010202
> *** ERROR: Symbol file could not be found. Defaulted to export symbols
> for C:\WINDOWS\System32\WS2_32.dll -
> WS2_32!WSAAsyncGetHostByName+407:
> 71a38d72 8a10 mov dl,[eax] ds:0023:00000000=??
>
> regards
>
> Andres Tarascó Acuña
> 3W Design Security - 2003

This archive was generated by hypermail 2b30 : Wed May 28 2003 - 08:24:55 PDT