KVIrc 3.4.0 Virgo Remote Format String Exploit PoC

Title: KVIrc 3.4.0 Virgo Remote Format String Exploit PoC
Advisory ID: ZSL-2008-4901
Type: Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 24.10.2008
KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit. KVirc is being written by Szymon Stefanek and the KVIrc Development Team with the contribution of many IRC addicted developers around the world.
KVIrc is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. A remote attacker may exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts may cause denial-of-service conditions.
Szymon Stefanek - http://www.kvirc.net
Affected Version
3.4.0 Virgo
Tested On
Microsoft Windows XP Professional SP2 (English)
Vendor Status
[29.10.2008] Vendor has knowledge about the issue.
[04.11.2008] Vendor releases patch.
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
[1] http://www.milw0rm.com/exploits/6832
[2] http://www.packetstormsecurity.org/filedesc/kvirc-format.txt.html
[3] http://www.sebug.net/exploit/4944
[4] http://www.securityfocus.com/bid/31912
[5] http://www.vupen.com/english/advisories/2008/2926
[6] http://www.secunia.com/advisories/32410
[7] http://www.juniper.net/security/auto/vulnerabilities/vuln31912.html
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4748
[9] http://xforce.iss.net/xforce/xfdb/46114
[10] http://it.com.mk/index.php/Gjoko-Krstikj/Sigurnost/KVIrc-v3.4.0-Virgo-Remote-Format-String-Exploit-PoC
[11] http://www.osvdb.org/show/osvdb/49352
[24.10.2008] - Initial release
[27.10.2008] - Added reference [10]
[29.10.2008] - Added Vendor Status
[04.11.2008] - Updated Vendor Status
[03.05.2012] - Added reference [11]
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk