Flaw in mIRC App Allows Attackers to Execute Commands Remotely

guest · Feb 20, 2019

Flaw in mIRC App Allows Attackers to Execute Commands Remotely
February 20, 2019
https://www.bleepingcomputer.com/ne...llows-attackers-to-execute-commands-remotely/

mIRC is a popular Internet Relay Chat, or IRC, application that allows users to connect to IRC servers in order to chat with other users. These chat servers are used to talk about a variety of topics and allow users to send images, links, and files to other users on the same server.

"mIRC has been shown to be vulnerable to argument injection through its associated URI protocol handlers that improperly escape their parameters," the researchers explain in their writeup. "Using available command-line parameters, an attacker is able to load a remote configuration file and to automatically run arbitrary code."

This vulnerability can be exploited simply by having a user open a web page, it can be distributed via phishing, forum posts, or through any other location that allows user submitted content.
Click to expand...

CVE-2019-6453: RCE on mIRC <7.55 using argument injection through custom URI protocol handlers

Log in or Sign up

Flaw in mIRC App Allows Attackers to Execute Commands Remotely

guest Guest

Log in or Sign up

Flaw in mIRC App Allows Attackers to Execute Commands Remotely

guest Guest

Useful Searches