漏洞标题
N/A
漏洞描述信息
**争议性** mIRC字体命令(可能是6.16)中的缓冲区溢出允许本地用户通过长字符串执行任意代码。注意:最初的研究者声称该问题已被 vendor 争议,而 vendor 表示“从我所知情况来看,这不是一个漏洞或弱点。上述报告描述了 mIRC 中的局部 bug。” 可能这意味着这个只有应用程序的用户才能利用,因此不会跨越权限边界,除非在 otherwise restrictive 的环境,如 kiosk 下。
CVSS信息
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the vendor, and that the vendor stated "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk
CVSS信息
N/A
漏洞类别
N/A