← Advisories

Talkative IRC 0.4.4.16 Remote Stack Overflow Exploit (SEH)

High
Advisory ID
ZSL-2009-4909
Release Date
17 March 2009
Vendor
Infiero Premium Software - http://www.talkative-irc.com
Affected Version
0.4.4.16
CVE
CVE-2009-20007
Tested On
Microsoft Windows XP Professional SP2 (English)
Summary

The easiest and fastest way to meet people online. With Talkative IRC you can chat with thousands of people at the same time. Find people with the same interests as you. Join channels where you can meet people speaking your language, or start your own. No monthly fees or other hassle, just a download and a click. Version 0.4.4.16 makes nick list font customizable. Why Talkative? Mainly because it's secure, stable and easy to use.

Description

Talkative IRC 0.4.4.16 suffers from a stack based buffer overflow vulnerability that enables us to gain full control over the application and execute arbitrary commands. ECX and EIP registers gets overwriten, so does the SEH. An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious IRC server.

Proof of Concept
talkirc_seh.plTXT
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://packetstorm.news/files/id/75783/
[2]http://www.milw0rm.com/exploits/8227
[3]http://www.securityfocus.com/bid/34141
[4]http://securityreason.com/exploitalert/5874
[5]http://osvdb.org/show/osvdb/64582
[6]https://www.vulncheck.com/advisories/talkative-irc-response-buffer-overflow
[7]https://www.exploit-db.com/exploits/16459
[8]https://nvd.nist.gov/vuln/detail/cve-2009-20007
[9]https://www.cve.org/CVERecord?id=CVE-2009-20007
[10]https://www.rapid7.com/db/modules/exploit/windows/misc/talkative_response/
Changelog
17.03.2009Initial release
27.07.2010Added reference [5]
07.09.2025Updated reference [1] and added reference [6], [7], [8], [9] and [10]