Jordi Corrales

**Name of the Vulnerable Software and Affected Versions** mIRC version 6.16 **Description** A buffer overflow issue in the font command of mIRC allows local users to execute arbitrary code via a long string. The vendor has disputed this issue, stating it is a local bug in mIRC and not a vulnerability. It is possible that this issue is only exploitable by the user of the application and does not cross privilege boundaries unless in a restrictive environment. **Recommendations** For mIRC version 6.16, consider restricting the use of the font command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** mIRC versions 5.91 through 6.16 **Description** A buffer overflow issue allows local users to potentially execute arbitrary code by entering a long string after reaching the DCC Get Folder Dialog. The vendor has disputed this issue, suggesting it may be a local bug rather than a vulnerability, potentially only exploitable by the application user and not crossing privilege boundaries unless in a restrictive environment. **Recommendations** For mIRC versions 5.91 through 6.16, consider avoiding entering long strings after reaching the DCC Get Folder Dialog as a temporary workaround until a patch is available or further clarification is provided by the vendor.

**Name of the Vulnerable Software and Affected Versions** Dameware NT Utilities (affected versions not specified) MiniRemote Control versions 4.9 and earlier **Description** The issue concerns the storage of sensitive information in memory. Specifically, the DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control store the `username` and `password` in cleartext, which could allow attackers to obtain this sensitive information. **Recommendations** For Dameware NT Utilities, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For MiniRemote Control versions 4.9 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.