MidnightBSD

Advisories for khaled_mardam-bey

CVE-1999-0399 HIGH

The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khaled_mardam-bey mirc 5.5
CVE-2001-0315 HIGH

The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khaled_mardam-bey mirc *
CVE-2001-0944 HIGH

DDE in mIRC allows local users to launch applications under another user's account via a DDE message that executes a command, which may be executed by the other user's process.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khaled_mardam-bey mirc *
CVE-2002-0231 HIGH

Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khaled_mardam-bey mirc 4.6
khaled_mardam-bey mirc 2.5a
khaled_mardam-bey mirc 5.9
khaled_mardam-bey mirc 3.6
khaled_mardam-bey mirc 2.3a
khaled_mardam-bey mirc 3.8
khaled_mardam-bey mirc 3.5
khaled_mardam-bey mirc 3.9
khaled_mardam-bey mirc 2.4a
khaled_mardam-bey mirc 2.1a
khaled_mardam-bey mirc 2.4
khaled_mardam-bey mirc 3.2
khaled_mardam-bey mirc 3.7
khaled_mardam-bey mirc 5.1
khaled_mardam-bey mirc 5.3
khaled_mardam-bey mirc 4.7
khaled_mardam-bey mirc 5.4
khaled_mardam-bey mirc 5.5
khaled_mardam-bey mirc 5.6
khaled_mardam-bey mirc 5.91
khaled_mardam-bey mirc 4.5
khaled_mardam-bey mirc 4.1
khaled_mardam-bey mirc 5.0
khaled_mardam-bey mirc 5.7
khaled_mardam-bey mirc 5.8
khaled_mardam-bey mirc 2.8c
khaled_mardam-bey mirc 3.1
khaled_mardam-bey mirc 3.4
khaled_mardam-bey mirc 4.0
khaled_mardam-bey mirc 2.7a
khaled_mardam-bey mirc 3.3
CVE-2002-0425 MEDIUM

mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khaled_mardam-bey mirc 6.0
khaled_mardam-bey mirc 6.0_1
CVE-2002-1456 HIGH

Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khaled_mardam-bey mirc 6.0
khaled_mardam-bey mirc 6.0.1
khaled_mardam-bey mirc 6.0.2
CVE-2003-1512 MEDIUM

Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
khaled_mardam-bey mirc 6.11
khaled_mardam-bey mirc 6.1
CVE-2005-4681 MEDIUM

Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the DCC Get Folder Dialog. NOTE: this issue has been disputed by the vendor, saying "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khaled_mardam-bey mirc 6.03
khaled_mardam-bey mirc 6.16
khaled_mardam-bey mirc 6.12
khaled_mardam-bey mirc 5.91
CVE-2006-0489 MEDIUM

Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the vendor, and that the vendor stated "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
khaled_mardam-bey mirc 6.16