CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Khaled Mardam-bey : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-0489 Exec Code Overflow 2006-01-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
** DISPUTED ** Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the vendor, and that the vendor stated "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk.
2 CVE-2005-4681 Exec Code Overflow 2005-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the DCC Get Folder Dialog. NOTE: this issue has been disputed by the vendor, saying "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk.
3 CVE-2003-1512 119 DoS Overflow 2003-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request.
4 CVE-2002-1456 Exec Code Overflow 2003-06-09 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value.
5 CVE-2002-0425 +Info 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message.
6 CVE-2002-0231 Exec Code Overflow 2002-05-16 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname.
7 CVE-2001-0944 Exec Code 2001-12-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
DDE in mIRC allows local users to launch applications under another user's account via a DDE message that executes a command, which may be executed by the other user's process.
8 CVE-2001-0315 Bypass 2001-06-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key.
9 CVE-1999-0399 Exec Code 1999-01-01 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands.
Total number of vulnerabilities : 9   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.