1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: mIRC URI Protocol Handler RCE Activity

Web Attack: mIRC URI Protocol Handler RCE Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the attempt to execute a remote code vulnerability in mIRC.

Additional Information

mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).

Affected

  • mIRC before 7.55

Response


  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube