
SoylentNews is people

posted by martyb on Friday February 22 2019, @10:11AM
from the besmirched dept.

Submitted via IRC for SoyCow1984

Flaw in mIRC App Allows Attackers to Execute Commands Remotely

A vulnerability was discovered in the mIRC application that could allow attackers to execute commands, such as the downloading and installation of malware, on a vulnerable computer.

mIRC is a popular Internet Relay Chat, or IRC, application that allows users to connect to IRC servers in order to chat with other users. These chat servers are used to talk about a variety of topics and allow users to send images, links, and files to other users on the same server.

[...] A new vulnerability has been discovered by security researchers Benjamin Chetioui and Baptiste Devigne of ProofOfCalc that allows attackers to inject commands into these custom URI schemes when created by mIRC versions older than 7.55.

"mIRC has been shown to be vulnerable to argument injection through its associated URI protocol handlers that improperly escape their parameters," the researchers explain in their writeup. "Using available command-line parameters, an attacker is able to load a remote configuration file and to automatically run arbitrary code."

[...] This vulnerability can be exploited simply by having a user open a web page; it can be distributed via phishing, forum posts, or through any other location that allows user-submitted content.

This vulnerability was fixed in mIRC 7.55, which was released on February 8th, 2019. As the researchers have posted a proof-of-concept exploit and as the vulnerability is trivial to exploit, users running older versions of mIRC are strongly advised to upgrade to the latest 7.55 version.

Here are the home and download pages for mIRC.


  • (Score: 4, Funny) by isostatic on Friday February 22 2019, @01:31PM

    /slap bugs