9th Apr 2003 [SBWID-6126]
mIRC dcc filename spoofing
mIRC 6.03 and below has been found vulnerable
Knud Erik Højgaard [kain(at)ircop(dot)dk] found following about mIRC,
"a friendly IRC client that is well equipped with options and tools":
The DCC GET dialog has a limited area visible for the filename. By DCC
sending a file with a specially crafted filename it's possible to
'spoof' a legitimate file.
Sending a file which name consists of for example 'me.mpg' + 'about 180
"alt-0160(fakespace)"' + '.exe' leads the recieving user into believing
that the file is merely a harmless mpeg file, while it is in fact an
executable. mIRC has a handy 'open' button upon completion of the dcc,
so unless the user actually opens the download folder and verifies the
extension of the file, a compromise is possible.
If the remote user has DCC ignore enabled this will of course not work.
Think twice before opening any kind of file from untrusted source.