Date: Thu, 12 Nov 1998 11:20:56 -0600 From: "rewt@midsouth.rr.com" To: BUGTRAQ@netspace.org Subject: Old IRC Client bug Re-Applied If this has already been announced, well, screw me. Problem: The IRC (Internet Relay Chat) Client, pIRCh automatically assigns your main pirch directory to where DCC downloads are sent. Exploit: You can replace someone's script file with a malicious one, therefore recieving control over an ignorant irc tenant. This can be done by sending a replacement file via DCC to the user. Most people could tell the user that it was something cool, and they would accept it. Fix: Simply goto Tools.. then Preferences. Flip to the DCC tab and change your default DCC recieve directory to something that is not the main pIRCh directory. Tested On: pIRCh32 0.92 If there's a new version out that fixes it, well crap, I'm sorry for taking up your time. Cheers, REwT PaKT-TeCH Sekurity | REwT Technologies