Description
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).
References
- Exploit, Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory, VDB Entry
- Product
Vulnerable configurations
Configuration 1: versions before 7.55 (excluding)
cpe:2.3:a:mirc:mirc:*:*:*:*:*:*:*:*
EPSS
Percentile: 99%
0.84944
High
CVSS3: 8.1 High
CVSS2: 6.8 Medium
Weaknesses
CWE-88
Related vulnerabilities
CVSS3: 8.1
github
more than 3 years ago
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).