Remote Command Execution via Argument Injection in mIRC URI Protocol Handlers

Remote Command Execution via Argument Injection in mIRC URI Protocol Handlers

CVE-2019-6453 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).

Learn more about our Cis Benchmark Audit For Google Chrome.