Vulnerability Description
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mirc | Mirc | < 7.55 |
Related Weaknesses (CWE)
References
- https://github.com/proofofcalc/cve-2019-6453-pocExploitThird Party Advisory
- https://proofofcalc.com/advisories/20190218.txtThird Party Advisory
- https://proofofcalc.com/cve-2019-6453-mIRC/ExploitThird Party Advisory
- https://twitter.com/proofofcalc/status/1097518413143003136ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/46392/ExploitThird Party AdvisoryVDB Entry
- https://www.mirc.com/news.htmlProduct
- https://github.com/proofofcalc/cve-2019-6453-pocExploitThird Party Advisory
- https://proofofcalc.com/advisories/20190218.txtThird Party Advisory
- https://proofofcalc.com/cve-2019-6453-mIRC/ExploitThird Party Advisory
- https://twitter.com/proofofcalc/status/1097518413143003136ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/46392/ExploitThird Party AdvisoryVDB Entry
- https://www.mirc.com/news.htmlProduct
FAQ
What is CVE-2019-6453?
CVE-2019-6453 is a vulnerability with a CVSS score of 8.1 (HIGH). mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC s...
How severe is CVE-2019-6453?
CVE-2019-6453 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6453?
Check the references section above for vendor advisories and patch information. Affected products include: Mirc Mirc.