CVE-2019-6453

Name of the Vulnerable Software and Affected Versions mIRC versions prior to 7.55

Description The issue allows remote command execution through argument injection by using custom URI protocol handlers. An attacker can specify an irc:// URI to load an arbitrary .ini file from a UNC share pathname. The exploitation depends on browser-specific URI handling, with Chrome not being exploitable.

Recommendations For versions prior to 7.55, update to version 7.55 or later to resolve the issue. As a temporary workaround, consider restricting the handling of custom URI protocols to minimize the risk of exploitation.