mIRC PRIVMSG Handling Remote Buffer Overflow

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.

Synopsis :

The remote host contains a chat client that is affected by a buffer
overflow vulnerability.

Description :

The version of mIRC installed on the remote host is earlier than 6.35
and thus reportedly prone to a buffer overflow attack that can be
triggered by a long hostname in a PRIVMSG message. If an attacker can
trick a user into connecting to a malicious IRC server (perhaps via
JavaScript in an HTML document), this issue could be leveraged to
execute arbitrary code on the remote host subject to the user's

See also :


Solution :

Upgrade to mIRC 6.35 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.4
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 34471 ()

Bugtraq ID: 31552

CVE ID: CVE-2008-4449

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now