KVIrc 3.4.0 Virgo Remote Format String Exploit PoC

Title: KVIrc 3.4.0 Virgo Remote Format String Exploit PoC
Advisory ID: ZSL-2008-4901
Type: Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 24.10.2008
Summary
KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit. KVIrc is being written by Szymon Stefanek and the KVIrc Development Team with the contribution of many IRC-addicted developers around the world.
Description
KVIrc is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. A remote attacker may exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts may cause denial-of-service conditions.
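The flaw class described above, shown as an added example beside its corrected form; this is not KVIrc source code, and the advisory does not show the affected code path. The function names and the sample input are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversions in untrusted text. "%%" is a literal
   percent sign and is skipped; anything else after '%' is counted. */
size_t count_conversions(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* escaped percent, not a conversion */
        else
            n++;
    }
    return n;
}

/* Flawed pattern: the untrusted text itself is the format argument.
   Pragmas only silence the compiler warning this pattern should raise. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int render_unsafe(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, untrusted);
}
#pragma GCC diagnostic pop

/* Corrected pattern: constant format, untrusted text passed as data. */
int render_safe(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, "%s", untrusted);
}

int main(void)
{
    const char *msg = "load 100%% ok";   /* constructed sample input */
    char a[64], b[64];

    render_unsafe(a, sizeof a, msg);
    render_safe(b, sizeof b, msg);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    printf("conversions in \"hello %%s %%x\": %zu\n",
           count_conversions("hello %s %x"));
    return 0;
}
```

The sample input uses only the "%%" escape, so the flawed call stays well defined while still showing that the input is parsed as a format rather than copied as data.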
Vendor
Szymon Stefanek - http://www.kvirc.net
Affected Version
3.4.0 Virgo
Tested On
Microsoft Windows XP Professional SP2 (English)
Vendor Status
[29.10.2008] Vendor has knowledge about the issue.
[04.11.2008] Vendor releases patch.
PoC
kvirc_fs.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.milw0rm.com/exploits/6832
[2] http://www.packetstormsecurity.org/filedesc/kvirc-format.txt.html
[3] http://www.sebug.net/exploit/4944
[4] http://www.securityfocus.com/bid/31912
[5] http://www.vupen.com/english/advisories/2008/2926
[6] http://www.secunia.com/advisories/32410
[7] http://www.juniper.net/security/auto/vulnerabilities/vuln31912.html
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4748
[9] http://xforce.iss.net/xforce/xfdb/46114
[10] http://it.com.mk/index.php/Gjoko-Krstikj/Sigurnost/KVIrc-v3.4.0-Virgo-Remote-Format-String-Exploit-PoC
[11] http://www.osvdb.org/show/osvdb/49352
Changelog
[24.10.2008] - Initial release
[27.10.2008] - Added reference [10]
[29.10.2008] - Added Vendor Status
[04.11.2008] - Updated Vendor Status
[03.05.2012] - Added reference [11]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk