Security Vulnerabilities fixed in mIRC 7.55

description-logoDescription

mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).

affected-products-logoAffected Applications

mIRC

CVE References

CVE-2019-6453