CVE-2006-0489

Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the vendor, and that the vendor stated "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk

Published: Feb 1, 2006
Updated: Nov 8, 2023
CVE: CVE-2006-0489
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
khaled_mardam-bey / mirc	6.16	6.16.x

http://securityreason.com/securityalert/383
http://trout.snt.utwente.nl/ubbthreads/showflat.php?Cat=0&Board=bugreports&Number=118751
http://www.osvdb.org/22942
http://www.securiteam.com/windowsntfocus/5IP080AHPQ.html
http://www.securityfocus.com/archive/1/423192/100/0/threaded
http://www.securityfocus.com/archive/1/423758/100/0/threaded

Vulnerability Database

289,697

CVE-2006-0489