VDB-130984 · CVE-2019-6453 · Qualys 91517

mIRC up to 7.54 URI Protocol Argument command injection

EntryeditHistoryDiffjsonxmlCTI

A vulnerability was found in mIRC up to 7.54 (Chat Software). It has been declared as critical. This vulnerability affects an unknown function of the component URI Protocol Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
874761405/11/2020VulD...urlhttps://www.exploit-db.com/exploits/46392/exploit-db.com05/11/2020accepted100
874757605/11/2020VulD...discoverydate155044800005/11/2020accepted100
874762802/19/2019VulD...cvss3_nvd_basescore8.1nist.gov02/19/2019accepted90
874762702/19/2019VulD...cvss3_vuldb_rcX02/19/2019accepted90
874762602/19/2019VulD...cvss3_vuldb_rlX02/19/2019accepted90
874762502/19/2019VulD...cvss3_vuldb_eX02/19/2019accepted90
874762402/19/2019VulD...cvss2_vuldb_rcND02/19/2019accepted90
874762302/19/2019VulD...cvss2_vuldb_rlND02/19/2019accepted90
874762202/19/2019VulD...cvss2_vuldb_eND02/19/2019accepted90
874762102/19/2019VulD...locationWebsite02/19/2019accepted90
874762002/19/2019VulD...qualys_titlemIRC Remote Code Execution Vulnerabilityqualys.com02/19/2019accepted100
874761902/19/2019VulD...qualys_id91517qualys.com02/19/2019accepted100
874761802/19/2019VulD...cve_nvd_summarymIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).mitre.org02/19/2019accepted100
874761702/19/2019VulD...cve_assigned1547596800mitre.org02/19/2019accepted100
874761602/19/2019VulD...cveCVE-2019-6453mitre.org02/19/2019accepted100
874761502/19/2019VulD...price_0day$0-$5ksee documentation02/19/2019accepted100
874761302/19/2019VulD...date1550448000 (02/18/2019)02/19/2019accepted100
874761202/19/2019VulD...cvss3_nvd_aHnist.gov02/19/2019accepted100
874761102/19/2019VulD...cvss3_nvd_iHnist.gov02/19/2019accepted100
874761002/19/2019VulD...cvss3_nvd_cHnist.gov02/19/2019accepted100

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!