漏洞详情: CVE-2006-0489

漏洞标题
NVD 暂无描述信息
来源:NVD
漏洞描述
Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the vendor, and that the vendor stated "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk
来源:NVD
**争议性** mIRC字体命令(可能是6.16)中的缓冲区溢出允许本地用户通过长字符串执行任意代码。注意:最初的研究者声称该问题已被 vendor 争议,而 vendor 表示“从我所知情况来看,这不是一个漏洞或弱点。上述报告描述了 mIRC 中的局部 bug。” 可能这意味着这个只有应用程序的用户才能利用,因此不会跨越权限边界,除非在 otherwise restrictive 的环境,如 kiosk 下。
来源:神龙机器人
漏洞评分(CVSS)
NVD 暂无评分
来源:NVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
来源:神龙机器人, 准确率:N/A
漏洞类别
NVD 暂无漏洞类别信息
来源:NVD
相关链接