New exploit on mIRC 6.12

2003年10月24日 17:55 次阅读 稿源: 条评论
最近mIRC的溢出漏洞频频,我们泡IRC玩的也开始心惊胆战起来.此次的溢出漏洞出现在DCC上,当一个用户以最小化形式接收文件并且文件名的长度过大时,系统就会被挂起.不过这个漏洞也比较有趣,如果你设置"拒绝接收文件"或者"总是自动接收文件",那么"Nothing happens".
以下是原版的解决方案:
If and only if you think the above affects you, then here is a temporary fix which should be pasted in your "remotes" section (alt-r to access). It basically rejects any excessively long filename.

ctcp *:dcc send:*: if ($len($nopath($filename)) >= 225) { echo 4 -s $nick tried to crash you with an illegal dcc send of $nopath($filename) | halt }

or this shorter version without the warning message:
ctcp *:dcc send:*: if ($len($nopath($filename)) >= 225) halt

If you are not comfortable with modifying your remotes, you can just ignore all incoming DCC sends with the following, which is the same temporary fix as for the other bug described in the next section:
/ignore -wd *

对文章打分

New exploit on mIRC 6.12

2 (67%)
已有 条意见

    最新资讯

    加载中...

    编辑精选

    加载中...

    热门评论

      Top 10

      招聘

      created by ceallan