Talkative IRC 0.4.4.16 Remote Stack Overflow Exploit (SEH)

Title: Talkative IRC 0.4.4.16 Remote Stack Overflow Exploit (SEH)
Advisory ID: ZSL-2009-4909
Type: Local/Remote
Impact: System Access
Risk: (4/5)
Release Date: 17.03.2009
Summary
The easiest and fastest way to meet people online. With Talkative IRC you can chat with thousands of people at the same time. Find people with the same interests as you. Join channels where you can meet people speaking your language, or start your own. No monthly fees or other hassle, just a download and a click. Version 0.4.4.16 makes nick list font customizable. Why Talkative? Mainly because it's secure, stable and easy to use.
Description
Talkative IRC 0.4.4.16 suffers from a stack-based buffer overflow vulnerability that allows an attacker to gain full control over the application and execute arbitrary code. The ECX and EIP registers get overwritten, and so does the SEH handler pointer. An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious IRC server that sends an oversized line to the client.
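The following is an added illustration of the bug class described above and is not Talkative IRC's code (the client is closed source) nor part of the original advisory. It shows the vulnerable pattern (an unbounded copy of a server-supplied line into a fixed stack buffer, which is how saved registers, the return address and the SEH chain get overwritten on 32-bit Windows) beside a bounded line reader that enforces the RFC 1459 limit of 512 bytes per message. The buffer sizes, function names and the constructed oversized "server" line are assumptions chosen for the example.

```c
#include <stddef.h>
#include <string.h>

#define IRC_MAX_LINE 512   /* RFC 1459: at most 512 bytes per message, CRLF included */
#define SMALL_BUF    256   /* assumed size of the vulnerable stack buffer */

/* Vulnerable pattern (assumed, for illustration): the server-controlled line is
 * copied into a fixed stack buffer with no length check. A line longer than
 * SMALL_BUF overwrites what lies above the buffer: saved registers, the return
 * address and, on 32-bit Windows, the SEH record. Only call with trusted input. */
int handle_server_line_unsafe(const char *line)
{
    char buf[SMALL_BUF];
    strcpy(buf, line);             /* unbounded copy: this is the overflow */
    return (int)strlen(buf);
}

/* Hardened pattern: reject anything over the protocol limit before copying,
 * bound the copy by the caller-supplied length, NUL-terminate explicitly.
 * Returns the stored length without CRLF, or -1 if the line was rejected. */
int handle_server_line_safe(const char *line, size_t len)
{
    char buf[IRC_MAX_LINE + 1];
    if (len > IRC_MAX_LINE)
        return -1;
    memcpy(buf, line, len);
    buf[len] = '\0';
    while (len > 0 && (buf[len - 1] == '\r' || buf[len - 1] == '\n'))
        buf[--len] = '\0';
    return (int)len;
}

/* Accumulator for raw socket bytes. A malicious server can withhold the CRLF
 * so a naive reader keeps appending; this one drops the over-long line and
 * resynchronises at the next LF instead of growing past its buffer. */
typedef struct {
    char   buf[IRC_MAX_LINE];
    size_t used;
    int    discarding;   /* non-zero while skipping the rest of a bad line */
} line_reader;

typedef struct {
    int accepted;
    int rejected;
} feed_result;

feed_result reader_feed(line_reader *r, const char *data, size_t n)
{
    feed_result res = {0, 0};
    size_t i;
    for (i = 0; i < n; i++) {
        char c = data[i];
        if (r->discarding) {
            if (c == '\n')
                r->discarding = 0;          /* bad line ended, resume */
            continue;
        }
        if (r->used == sizeof r->buf) {
            /* line exceeds the limit: discard it rather than overflow */
            r->used = 0;
            r->discarding = (c != '\n');
            res.rejected++;
            continue;
        }
        r->buf[r->used++] = c;
        if (c == '\n') {
            if (handle_server_line_safe(r->buf, r->used) >= 0)
                res.accepted++;
            else
                res.rejected++;
            r->used = 0;
        }
    }
    return res;
}

/* Constructed sample: an oversized line of 'A's ending in CRLF, standing in
 * for what a malicious server would send on connect. total_len must be >= 2. */
size_t build_malicious_line(char *out, size_t total_len)
{
    size_t n = total_len - 2;
    memset(out, 'A', n);
    out[n] = '\r';
    out[n + 1] = '\n';
    return total_len;
}
```

The key point for a client is that the receive path must bound the line before any parsing touches a fixed buffer; rejecting at the protocol limit (512 bytes) is sufficient, and an over-long line without a terminator must be discarded rather than accumulated.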
Vendor
Infiero Premium Software - http://www.talkative-irc.com
Affected Version
0.4.4.16
Tested On
Microsoft Windows XP Professional SP2 (English)
Vendor Status
N/A
PoC
talkirc_seh.pl
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.packetstormsecurity.org/filedesc/talkirc-seh.txt.html
[2] http://www.milw0rm.com/exploits/8227
[3] http://www.securityfocus.com/bid/34141
[4] http://securityreason.com/exploitalert/5874
[5] http://osvdb.org/show/osvdb/64582
Changelog
[17.03.2009] - Initial release
[27.07.2010] - Added reference [5]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk