ASA-2019-00087 – mIRC: Remote code execution using argument injection through custom URI protocol handlers

mIRC has been shown to be vulnerable to argument injection through its associated URI protocol handlers that improperly escape their parameters.  Using available command-line parameters, an attacker is able to load a remote configuration file and to automatically run arbitrary code.