6.8
MEDIUM

CVE-2019-6453

Published: 18/02/2019 Updated: 20/02/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

Vulnerability Summary

RCE vulnerability affecting all versions of mIRC prior to mIRC 7.55

mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).

mIRC could allow a remote attacker to execute arbitrary commands on the system, caused by an argument injection flaw in the URI protocol handlers. By persuading a victim to load a specially-crafted .ini file from a UNC share pathname, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Complexity: MEDIUM
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Vulnerability Trend

Mailing Lists

mIRC versions prior to 755 suffer from a remote command execution using argument injection through custom URI protocol handlers ...

Github Repositories

CVE-2019-6453: RCE on mIRC <755 using argument injection through custom URI protocol handlers [Link to the write-up] We found a Remote Code Execution vulnerability in mIRC through the irc:// URI protocol handler Because mIRC doesn't use any kind of sigil such as -- to mark the end of the argument list, an attacker is able to pass arguments to mIRC through a irc://

References