Remote Command Execution via Argument Injection in mIRC URI Protocol Handlers
CVE-2019-6453 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).
Learn more about our Cis Benchmark Audit For Google Chrome.