CVE-2019-6453
CVE-2019-6453 is a vulnerability of currently unknown severity. mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. EPSS estimates a 71.78% chance of exploitation in the next 30 days.
Description
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mirc | Mirc | < 7.55 |
References
- https://github.com/proofofcalc/cve-2019-6453-poc (Exploit, Third Party Advisory)
- https://proofofcalc.com/advisories/20190218.txt (Third Party Advisory)
- https://proofofcalc.com/cve-2019-6453-mIRC/ (Exploit, Third Party Advisory)
- https://twitter.com/proofofcalc/status/1097518413143003136 (Exploit, Third Party Advisory)
- https://www.exploit-db.com/exploits/46392/ (Exploit, Third Party Advisory, VDB Entry)
Source: NVD / NIST
