KVIrc 3.4.0 Virgo Remote Format String Exploit PoC
Title: KVIrc 3.4.0 Virgo Remote Format String Exploit PoC
Advisory ID: ZSL-2008-4901
Type: Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 24.10.2008
Summary
KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit. KVIrc is written by Szymon Stefanek and the KVIrc Development Team with the contribution of many IRC-addicted developers around the world.
Description
KVIrc is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before using it as the format-specifier argument of a formatted-printing function. A remote attacker may exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts may cause denial-of-service conditions.
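The bug class described above, shown as an added illustration in C that is not part of this advisory, its PoC, or the KVIrc code base. The message text, the `log_line` helper and the function names are constructed for the example; nothing here states where the vulnerable call site in KVIrc is. The block shows the vulnerable call shape beside the fixed one, a small scanner that tells whether untrusted text carries conversion directives (and the memory-writing `%n` in particular), and the percent-doubling fallback for text that must still travel as a format string.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample message, as a remote IRC peer could send it.  It is not
 * the advisory's PoC; it only shows the shape of a format-string payload:
 * "%x" reads words off the stack, "%n" writes a byte count through a pointer. */
static const char *const SAMPLE_MSG = "hi %08x.%08x.%08x %n %s";

/* Hypothetical output helper of the kind IRC clients use for the status
 * window: takes a printf-style format.  Declaring it with
 * __attribute__((format(printf, 3, 4))) would let gcc -Wformat-security flag
 * the vulnerable caller below; it is left off here so the file builds with
 * -Werror=format-security and the call can be demonstrated. */
static int log_line(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return r;
}

/* The vulnerable shape: attacker text becomes the format argument.  Any
 * directive in msg makes vsnprintf read arguments that were never passed
 * (undefined behaviour; in practice a stack leak, crash, or with %n a write). */
int format_message_vulnerable(char *out, size_t cap, const char *msg)
{
    return log_line(out, cap, msg);
}

/* The fix: constant format, untrusted text passed as data. */
int format_message_safe(char *out, size_t cap, const char *msg)
{
    return log_line(out, cap, "%s", msg);
}

/* Count printf conversion directives in untrusted text.  "%%" is a literal
 * percent sign and is not counted.  Anything above zero means the string
 * would consume (or, with %n, write through) arguments if used as a format. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {          /* escaped "%%" */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Return 1 if the text contains a "%n" directive (allowing flags, width,
 * precision, length modifier or an "N$" positional prefix in between), the
 * conversion that turns this bug class from a leak into an arbitrary write. */
int has_write_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {
            s++;
            continue;
        }
        const char *p = s + 1;
        while (*p && strchr("-+ #0123456789.*$hlLqjzt", *p))
            p++;
        if (*p == 'n')
            return 1;
    }
    return 0;
}

/* Fallback when the text must still be handed to a formatting API as the
 * format itself: double every '%' so each becomes a literal.  Returns the
 * number of bytes written, excluding the terminating NUL. */
size_t escape_percent(const char *in, char *out, size_t cap)
{
    size_t o = 0;
    if (cap == 0)
        return 0;
    for (; *in; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= cap)
            break;
        if (*in == '%')
            out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    char buf[256], esc[512];

    printf("directives in sample: %d, contains %%n: %d\n",
           count_format_directives(SAMPLE_MSG), has_write_directive(SAMPLE_MSG));
    format_message_safe(buf, sizeof buf, SAMPLE_MSG);
    printf("safe:    %s\n", buf);           /* directives printed literally */
    escape_percent(SAMPLE_MSG, esc, sizeof esc);
    printf("escaped: %s (%d directives left)\n", esc,
           count_format_directives(esc));   /* 0: harmless even as a format */
    return 0;
}
```

The practitioner's check is the compiler: build with `-Wformat -Wformat-security` and give every printf-style wrapper a `format` attribute, so a call that passes non-constant text as the format is reported at compile time rather than found by a remote peer. The scanner functions are for the other direction, auditing data already on the wire or in logs for payloads of this shape.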
Szymon Stefanek - http://www.kvirc.net
Affected Version
3.4.0 Virgo
Tested On
Microsoft Windows XP Professional SP2 (English)
Vendor Status
[29.10.2008] Vendor has knowledge about the issue.
[04.11.2008] Vendor releases patch.
PoC
kvirc_fs.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.milw0rm.com/exploits/6832
[2] http://www.packetstormsecurity.org/filedesc/kvirc-format.txt.html
[3] http://www.sebug.net/exploit/4944
[4] http://www.securityfocus.com/bid/31912
[5] http://www.vupen.com/english/advisories/2008/2926
[6] http://www.secunia.com/advisories/32410
[7] http://www.juniper.net/security/auto/vulnerabilities/vuln31912.html
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4748
[9] http://xforce.iss.net/xforce/xfdb/46114
[10] http://it.com.mk/index.php/Gjoko-Krstikj/Sigurnost/KVIrc-v3.4.0-Virgo-Remote-Format-String-Exploit-PoC
[11] http://www.osvdb.org/show/osvdb/49352
Changelog
[24.10.2008] - Initial release
[27.10.2008] - Added reference [10]
[29.10.2008] - Added Vendor Status
[04.11.2008] - Updated Vendor Status
[03.05.2012] - Added reference [11]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk