Vulnerability Details : CVE-2005-4681
Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the DCC Get Folder Dialog. NOTE: this issue has been disputed by the vendor, saying "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2005-4681
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 %
CVSS scores for CVE-2005-4681
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
| 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST |
References for CVE-2005-4681
- http://www.osvdb.org/24116 (404 Not Found)
- http://trout.snt.utwente.nl/ubbthreads/showflat.php?Cat=0&Number=146129&an=0&page=0#146129
- http://seclists.org/lists/bugtraq/2005/Dec/0263.html (Bugtraq: mIRC buffer overflow)
- http://securityreason.com/securityalert/285 (mIRC buffer overflow - CXSecurity.com)
- http://www.shellsec.net/leer_advisory.php?id=9 (SSL certificates and solutions for businesses and SMEs | Redalia)
- http://www.packetstormsecurity.org/0512-exploits/mIRCexploitXPSP2eng.c (Files ≈ Packet Storm; tagged: Exploit)
Products affected by CVE-2005-4681
- cpe:2.3:a:khaled_mardam-bey:mirc:5.91:*:*:*:*:*:*:*
- cpe:2.3:a:khaled_mardam-bey:mirc:6.12:*:*:*:*:*:*:*
- cpe:2.3:a:khaled_mardam-bey:mirc:6.03:*:*:*:*:*:*:*
- cpe:2.3:a:khaled_mardam-bey:mirc:6.16:*:*:*:*:*:*:*