Allele Security Alert
Remote code execution using argument injection through custom URI protocol handlers
mIRC Co. Ltd
mIRC version 7.55 and earlier
mIRC version 7.55
Proof of concept
mIRC has been shown to be vulnerable to argument injection through its associated URI protocol handlers that improperly escape their parameters. Using available command-line parameters, an attacker is able to load a remote configuration file and to automatically run arbitrary code.
Baptiste Devigne (Geluchat) and Benjamin Chetioui (Siben)
CVE-2019-6453: RCE on mIRC <7.55 using argument injection through custom URI protocol handlers
mIRC: Latest news
Proof of calc for CVE-2019-6453
RCE through URI protocol handlers on mIRC <7.55 (CVE-2019-6453)
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: July 23, 2019