Stories
Slash Boxes
Comments

SoylentNews is people

Flaw in mIRC App Allows Attackers to Execute Commands Remotely

posted by martyb on Friday February 22 2019, @10:11AM   Printer-friendly
from the besmirched dept.
/dev/random

upstart writes:

Submitted via IRC for SoyCow1984

Flaw in mIRC App Allows Attackers to Execute Commands Remotely

A vulnerability was discovered in the mIRC application that could allow attackers to execute commands, such as the downloading and installation of malware, on a vulnerable computer.

mIRC is a popular Internet Relay Chat, or IRC, application that allows users to connect to IRC servers in order to chat with other users. These chat servers are used to talk about a variety of topics and allow users to send images, links, and files to other users on the same server.

[...] A new vulnerability has been discovered by security researchers Benjamin Chetioui and Baptiste Devigne of ProofOfCalc that allows attackers to inject commands into these custom URI schemes when created by mIRC versions older than 7.55.

"mIRC has been shown to be vulnerable to argument injection through its associated URI protocol handlers that improperly escape their parameters," the researchers explain in their writeup. "Using available command-line parameters, an attacker is able to load a remote configuration file and to automatically run arbitrary code."

[...] This vulnerability can be exploited simply by having a user open a web page, it can be distributed via phishing, forum posts, or through any other location that allows user submitted content.

This vulnerability was fixed in mIRC 7.55, which was released on February 8th, 2019. As the researchers have posted a proof-of-concept exploit and as the vulnerability is trivial to exploit, users running older versions of mIRC are strongly advised to upgrade to the latest 7.55 version.

Here are the home and download pages for mIRC.

Original Submission

This discussion has been archived. No new comments can be posted.
Flaw in mIRC App Allows Attackers to Execute Commands Remotely | Log In/Create an Account | Top | 11 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 2) by black6host on Friday February 22 2019, @11:15AM (1 child)

    by black6host (3827) on Friday February 22 2019, @11:15AM (#804975) Journal

    I probably would have missed this info had it not been submitted and posted. I rarely use mIRC anymore but it's nice to not be as vulnerable if I do. Easy upgrade, they should all be like that :)

    • (Score: 2) by rigrig on Friday February 22 2019, @12:12PM

      by rigrig (5129) <soylentnews@tubul.net> on Friday February 22 2019, @12:12PM (#804989) Homepage

      I rarely use mIRC anymore

      Don't worry: it was a flaw in the "irc:" URI handler, so you were vulnerable just by having it installed.

      --
      No one remembers the singer.

  • (Score: 4, Funny) by kazzie on Friday February 22 2019, @11:23AM

    by kazzie (5309) Subscriber Badge on Friday February 22 2019, @11:23AM (#804978)

    It feels quite fitting that this article was submitted via IRC.

  • (Score: 4, Funny) by isostatic on Friday February 22 2019, @01:31PM

    by isostatic (365) on Friday February 22 2019, @01:31PM (#805009) Journal

    /slap bugs

  • (Score: 2) by Revek on Friday February 22 2019, @02:08PM (1 child)

    by Revek (5022) on Friday February 22 2019, @02:08PM (#805028)

    You could change you're name to com1 or any other device name and mirc would disable that device. I can't recall if this applied to other irc clients I just remember mirc users having to reboot to dial back up.

    --
    This page was generated by a Swarm of Roaming Elephants

    • (Score: 2) by TheRaven on Saturday February 23 2019, @10:13AM

      by TheRaven (270) on Saturday February 23 2019, @10:13AM (#805525) Journal
      I haven't used mIRC for over a decade, but I remember being bitten by remotely exploitable vulnerabilities in it back then. Good to see that the developers are keeping old traditions alive.
      --
      sudo mod me up

  • (Score: 3, Informative) by ilsa on Friday February 22 2019, @02:23PM

    by ilsa (6082) Subscriber Badge on Friday February 22 2019, @02:23PM (#805036)

    mIRC is still around? That thing is older than dirt!

    So nice to know that there is still some 'old guard' around.

  • (Score: 4, Funny) by DannyB on Friday February 22 2019, @03:34PM

    by DannyB (5839) Subscriber Badge on Friday February 22 2019, @03:34PM (#805071) Journal

    Why is this remote command execution vulnerability always called a "flaw".

    It is a convenient remote administration feature. You get it for free. Without installing or configuring any additional software.

    mIRC is simply adapting in order to be more compatible with IoT device best practices.

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.

  • (Score: 0) by Anonymous Coward on Friday February 22 2019, @06:55PM

    by Anonymous Coward on Friday February 22 2019, @06:55PM (#805236)

    This is truly a sad day.

    IRC is for 1337 h4x0r 8r05 to talk about 1337 h4x0r shit.

    Is nothing safe? Is nothing sacred?

    As a 1337 h4x0r myself...wait, my mom^W hot girlfriend is calling. BRB

  • (Score: 0) by Anonymous Coward on Friday February 22 2019, @07:33PM

    by Anonymous Coward on Friday February 22 2019, @07:33PM (#805265)

    who gives a rat's ass about this old crusty piece of shit windows program? if you support the enemies of free humanity you deserve to have your shit "hacked".

  • (Score: 0) by Anonymous Coward on Friday February 22 2019, @10:12PM

    by Anonymous Coward on Friday February 22 2019, @10:12PM (#805345)

    Wow, didnt know anyone used IRC, let alone that ancient client..

    Cool.

    ( and if you are using it, most likely you are using windows, so you deserve to get bit )

(1)