Vulnerability Details : CVE-2008-4449
Public exploit exists!
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2008-4449
Probability of exploitation activity in the next 30 days: 84.48%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2008-4449
-
mIRC PRIVMSG Handling Stack Buffer Overflow
Disclosure Date: 2008-10-02First seen: 2020-04-26exploit/windows/misc/mirc_privmsg_serverThis module exploits a buffer overflow in the mIRC IRC Client v6.34 and earlier. By enticing a mIRC user to connect to this server module, an excessively long PRIVMSG command can be sent, overwriting the stack. Due to size restrictions, ordinal payloads may be nece
CVSS scores for CVE-2008-4449
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2008-4449
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4449
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/45624
-
https://www.exploit-db.com/exploits/6666
mIRC 6.34 - Remote Buffer Overflow - Windows remote Exploit
-
http://securityreason.com/securityalert/4352
-
http://www.vupen.com/english/advisories/2008/2736
-
http://www.securityfocus.com/bid/31552
mIRC 'PRIVMSG' Buffer Overflow VulnerabilityExploit
-
https://www.exploit-db.com/exploits/6654
Products affected by CVE-2008-4449
- cpe:2.3:a:mirc:mirc:6.34:*:*:*:*:*:*:*