[IRC-DEV] RV: DALnet: [Exploits Prevention Team] SECURITY ALERT - ALL mIRC USERS PLEASE READ.

Jaume Cornadó jaumec at lleida.net
Thu Feb 7 13:51:54 CET 2002 

El bug de la página web lo encuentro poco importante. El bug fuerte, es
el que hay arriba del link que nos da Rubén. Existe un EXPLOIT, que hace
de server, i puede ejecutar "CUALQUIER COMANDO" en la maquina de la
persona que entre en ese server pensandose que es un server valido...

Si alguien quiere mas info en cristiano:

http://www.lleida.net/noticias/index.html?apt=novedades&seccion=novgenseg&id=6&act=4&ini=2



On dt, 2002-02-05 at 21:53, Ruben Cardenal wrote:
> 
> 
> -----Mensaje original-----
> De: owner-dalnet at DAL.NET [mailto:owner-dalnet at DAL.NET]En nombre de
> jim-mm at DAL.NET
> Enviado el: martes, 05 de febrero de 2002 19:19
> Para: dalnet at DAL.NET
> Asunto: DALnet: [Exploits Prevention Team] SECURITY ALERT - ALL mIRC
> USERS PLEASE READ.
> 
> 
> 
> A serious vulnerability has been discovered in all versions of mIRC
> up to version 5.91 (mIRC 6.0 is not affected). This vulnerability can
> allow malicious users to gain unauthorized access to your system remotely
> and potentially plant trojan horse programmes or steal data. This
> vulnerability affects all versions of mIRC prior to 6.0 running on all
> current Microsoft Windows platforms but is particularly serious for
> users who also routinely use Internet Explorer as their web browser.
> 
> This vulnerability and the associated exploit are in the public domain
> and are possibly being exploited already. All users of mIRC prior to
> the current version are STRONGLY ADVISED TO UPGRADE IMMEDIATELY.
> 
> Upgrades to version mIRC 6.0 are available for download from the mIRC
> website at http://www.mirc.co.uk. As always, please ensure you
> download only from a trusted source.
> 
> The original advisory for this exploit was posted to BugTraq on Feb 03
> 2002 and can be found at the following URL :
> 
> http://www.uuuppz.com/research/adv-001-mirc.htm
> 
> Thank You,
> 
> DALnet Exploit Prevention Team.
> 
> -- 
> 
> _______________________________________________
> IRC-Dev mailing list
> IRC-Dev at argo.es
> http://mailman.argo.es/listinfo/irc-dev
-- 
*---------------------------*
| Jaume Cornadó             |
| Técnico de Sistemas       |
|                           |
| Lleida Networks           |
| Serveis Telemátics        |
|---------------------------|
| http://www.lleida.net/    |
|---------------------------|
| Correo Técnico:           |
| tecnics at lleida.net        |
|---------------------------|
| Correo Comercial:         |
| comercial at lleida.net      |
|---------------------------|
| Correo Administrativo:    |
| administracion at lleida.net |
*---------------------------*

More information about the IRC-Dev mailing list