BugTraq
0day: mIRC pwns Windows Oct 03 2007 04:06PM
jinc4fareijj hotmail com (2 replies)
Re: 0day: mIRC pwns Windows Oct 03 2007 07:59PM
Gavin Hanover (netmunky gmail com) (1 replies)
Re[2]: 0day: mIRC pwns Windows Oct 04 2007 11:12AM
3APA3A (3APA3A SECURITY NNOV RU) (2 replies)
Dear Gavin Hanover,

In this very case it's really seems to be mIRC problem ("unfiltered
shell characters"). It doesn't depend on URL handler and will work with
any valid URL handler. You can reproduce same vulnerability by entering

http:%xx../../../../../../../../../../../windows/system32/calc.exe".bat

Exploitable under Windows XP, not exploitable under Vista.

--Wednesday, October 3, 2007, 11:59:45 PM, you wrote to jinc4fareijj (at) hotmail (dot) com [email concealed]:

GH> is this a mirc bug or a mail client bug?

>> mailto:%xx../../../../../../../../../../../windows/system32/calc.exe".ba
t
>>

--
~/ZARAZA http://securityvulns.com/

[ reply ]
Re: 0day: mIRC pwns Windows Oct 04 2007 04:04PM
Greg Rubin (grrubin gmail com)
Re: Re[2]: 0day: mIRC pwns Windows Oct 04 2007 01:47PM
Gavin Hanover (netmunky gmail com)
Re: 0day: mIRC pwns Windows Oct 03 2007 06:47PM
Gregory Rubin (grrubin gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus