mIRC DCC Nick Disclosure Vulnerability

mIRC is a popular IRC client for Microsoft Windows. DCC is a protocol used to enhance the functionality of IRC. Most commonly it is used to transfer files between clients, although it can also be used for direct conversations.

A vulnerability has been reported in the mIRC implementation of the DCC protocol. Reportably, when a DCC connection initiated, the command '100 testing' will cause the mIRC server to respond with the user's current nick. Exploitation of this vulnerability may aid an attacker in further intelligent attacks, or help an attempt at social engineering.


 

Privacy Statement
Copyright 2010, SecurityFocus