6.8
CVSSv2

CVE-2019-6453

Published: 18/02/2019 Updated: 20/02/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 653
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

mIRC prior to 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).

Vulnerability Trend

Mailing Lists

mIRC versions prior to 755 suffer from a remote command execution using argument injection through custom URI protocol handlers ...

Github Repositories

CVE-2019-6453: RCE on mIRC <755 using argument injection through custom URI protocol handlers [Link to the write-up] We found a Remote Code Execution vulnerability in mIRC through the irc:// URI protocol handler Because mIRC doesn't use any kind of sigil such as -- to mark the end of the argument list, an attacker is able to pass arguments to mIRC through a irc://

滲透基礎 以下內容皆參考他人之網頁。 所有內容請用於對自己的設備或環境進行測試,本站不負任何法律責任。 流程 偵查(受測)目標 google hacking 網站目錄列舉 掃描網路 nmap acunetix Zmap 漏洞或弱點利用 XSS SQL Injection 上傳web shell 密碼破解 cve等已知漏洞 提升權限 維持存取 google ha

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command You can checkout all the tools with the following command: git clone --recursive githubcom/jekil/awesome-hack

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command You can checkout all the tools with the following command: git clone --recursive githubcom/jekil/awesome-hack