
KVIrc 3.4.0 Virgo Remote Format String Exploit PoC

High
Advisory ID
ZSL-2008-4901
Release Date
24 October 2008
Vendor
Szymon Stefanek - http://www.kvirc.net
Affected Version
3.4.0 Virgo
Tested On
Microsoft Windows XP Professional SP2 (English)
Summary

KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit. KVIrc is being written by Szymon Stefanek and the KVIrc Development Team with the contribution of many IRC-addicted developers around the world.

Description

KVIrc is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. A remote attacker may exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts may cause denial-of-service conditions.
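
The bug class described above, shown from the defender's side as an added C illustration. It is not KVIrc source and not the advisory's proof of concept: the page does not identify the affected call, and every function name and sample string here is hypothetical or constructed.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern, shown only as a comment so it is never compiled:
 *     snprintf(out, n, remote_text);    <- remote text IS the format
 * Hardened form: constant format string, remote text passed as data. */
int render_safe(char *out, size_t n, const char *nick, const char *remote_text)
{
    return snprintf(out, n, "<%s> %s", nick, remote_text);
}

/* Count printf-style directives in untrusted text ("%%" is a literal
 * percent and is skipped). Usable as a logging or detection heuristic. */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') count++;
    }
    return count;
}

/* For APIs that accept only a format string: double every '%' so the
 * text prints literally. Returns 0 on success, -1 if out is too small. */
int escape_percent(char *out, size_t n, const char *in)
{
    size_t o = 0;
    if (n == 0) return -1;
    for (; *in; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= n) return -1;   /* keep room for the NUL */
        if (*in == '%') out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    const char *msg = "%x%x%n";   /* constructed sample of remote text */
    char line[64], esc[64];
    render_safe(line, sizeof line, "nick", msg);
    escape_percent(esc, sizeof esc, msg);
    printf("%s | directives=%d | escaped=%s\n", line, count_directives(msg), esc);
    return 0;
}
```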

Proof of Concept
Disclosure Timeline
29.10.2008: Vendor has knowledge about the issue.
04.11.2008: Vendor releases patch.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
24.10.2008: Initial release
27.10.2008: Added reference [10]
29.10.2008: Added Vendor Status
04.11.2008: Updated Vendor Status
03.05.2012: Added reference [11]