Mirc
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-6453 | 0.10 | — | 0.72 | Feb 18, 2019 | mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is… | |||
| CVE-2008-4449 | 0.06 | — | 0.39 | Oct 6, 2008 | Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message. | |||
| CVE-2003-1336 | 0.06 | — | 0.36 | Dec 31, 2003 | Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL. | |||
| CVE-2002-1456 | 0.04 | — | 0.12 | Jun 9, 2003 | Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value. | |||
| CVE-2002-0231 | 0.04 | — | 0.10 | May 16, 2002 | Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname. | |||
| CVE-2003-1512 | 0.03 | — | 0.02 | Dec 31, 2003 | Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request. | |||
| CVE-2008-7314 | 0.00 | — | 0.01 | Jan 23, 2020 | mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname. | |||
| CVE-2011-5282 | 0.00 | — | 0.01 | Jan 21, 2020 | mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled. | |||
| CVE-2007-4402 | 0.00 | — | 0.03 | Aug 18, 2007 | Multiple unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file. | |||
| CVE-2007-4401 | 0.00 | — | 0.02 | Aug 18, 2007 | Multiple CRLF injection vulnerabilities in the Advanced mIRC Integration Plugin and possibly other unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | |||
| CVE-2006-0489 | 0.00 | — | 0.00 | Feb 1, 2006 | Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the vendor, and that the vendor stated "as far as I can tell, this is neither an… | |||
| CVE-2005-4681 | 0.00 | — | 0.01 | Dec 31, 2005 | Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the DCC Get Folder Dialog. NOTE: this issue has been disputed by the vendor, saying "as far as I can tell, this is neither an exploit… | |||
| CVE-2003-1508 | 0.00 | — | 0.02 | Dec 31, 2003 | Buffer overflow in mIRC 6.12, when the DCC get dialog window has been minimized and the user opens the minimized window, allows remote attackers to cause a denial of service (crash) via a long filename. | |||
| CVE-2002-0425 | 0.00 | — | 0.02 | Aug 12, 2002 | mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message. | |||
| CVE-2001-0944 | 0.00 | — | 0.00 | Dec 2, 2001 | DDE in mIRC allows local users to launch applications under another user's account via a DDE message that executes a command, which may be executed by the other user's process. | |||
| CVE-2001-0315 | 0.00 | — | 0.01 | Jun 2, 2001 | The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key. | |||
| CVE-1999-0399 | 0.00 | — | 0.03 | Jan 1, 1999 | The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands. |
- CVE-2019-6453Feb 18, 2019risk 0.10cvss —epss 0.72
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is…
- CVE-2008-4449Oct 6, 2008risk 0.06cvss —epss 0.39
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.
- CVE-2003-1336Dec 31, 2003risk 0.06cvss —epss 0.36
Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.
- CVE-2002-1456Jun 9, 2003risk 0.04cvss —epss 0.12
Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value.
- CVE-2002-0231May 16, 2002risk 0.04cvss —epss 0.10
Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname.
- CVE-2003-1512Dec 31, 2003risk 0.03cvss —epss 0.02
Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request.
- CVE-2008-7314Jan 23, 2020risk 0.00cvss —epss 0.01
mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname.
- CVE-2011-5282Jan 21, 2020risk 0.00cvss —epss 0.01
mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled.
- CVE-2007-4402Aug 18, 2007risk 0.00cvss —epss 0.03
Multiple unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file.
- CVE-2007-4401Aug 18, 2007risk 0.00cvss —epss 0.02
Multiple CRLF injection vulnerabilities in the Advanced mIRC Integration Plugin and possibly other unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
- CVE-2006-0489Feb 1, 2006risk 0.00cvss —epss 0.00
Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the vendor, and that the vendor stated "as far as I can tell, this is neither an…
- CVE-2005-4681Dec 31, 2005risk 0.00cvss —epss 0.01
Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the DCC Get Folder Dialog. NOTE: this issue has been disputed by the vendor, saying "as far as I can tell, this is neither an exploit…
- CVE-2003-1508Dec 31, 2003risk 0.00cvss —epss 0.02
Buffer overflow in mIRC 6.12, when the DCC get dialog window has been minimized and the user opens the minimized window, allows remote attackers to cause a denial of service (crash) via a long filename.
- CVE-2002-0425Aug 12, 2002risk 0.00cvss —epss 0.02
mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message.
- CVE-2001-0944Dec 2, 2001risk 0.00cvss —epss 0.00
DDE in mIRC allows local users to launch applications under another user's account via a DDE message that executes a command, which may be executed by the other user's process.
- CVE-2001-0315Jun 2, 2001risk 0.00cvss —epss 0.01
The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key.
- CVE-1999-0399Jan 1, 1999risk 0.00cvss —epss 0.03
The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands.