CVE-2019-6453

EPSS 71.8%

mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).

Affected products

n/a · n/a

public PoCs found — 4

githubgithub.com/proofofcalc/cve-2019-6453-poc★ 49 githubgithub.com/andripwn/mIRC-CVE-2019-6453★ 1 cve_referencewww.exploit-db.com/exploits/46392/unverified exploitdbwww.exploit-db.com/exploits/46392unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/proofofcalc/cve-2019-6453-poc https://proofofcalc.com/advisories/20190218.txt https://proofofcalc.com/cve-2019-6453-mIRC/https://twitter.com/proofofcalc/status/1097518413143003136 https://www.exploit-db.com/exploits/46392/https://www.mirc.com/news.html