CVE-2003-1336

mIRC < 6.11 - Remote Code Execution via Long irc:// URL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2003-1336. PoCs published by Metasploit, blasty, including Metasploit module exploits/windows/browser/mirc_irc_url.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in mIRC 6.1 via an overly long IRC URL, allowing remote code execution. It uses SEH overwrites and targets specific Windows versions with predefined return addresses.

Description

Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16530

This Metasploit module exploits a stack buffer overflow in mIRC 6.1 via an overly long IRC URL, allowing remote code execution. It uses SEH overwrites and targets specific Windows versions with predefined return addresses.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: mIRC 6.1
No auth needed
Prerequisites: Victim must visit a malicious URL or webpage hosting the exploit · Target must be using mIRC 6.1 on a vulnerable Windows version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by blasty · cremotewindows
https://www.exploit-db.com/exploits/112

This exploit targets a buffer overflow in mIRC < 6.11 via a maliciously crafted irc:// URI embedded in an HTML file. It overwrites EIP with a JMP ESP address from ntdll.dll and executes shellcode to spawn cmd.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: mIRC < 6.11
No auth needed
Prerequisites: Victim must open the malicious HTML file in a vulnerable client (e.g., Outlook Express or via IRC)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mirc_irc_url.rb

This Metasploit module exploits a stack buffer overflow in mIRC 6.1 via a crafted IRC URL. It leverages SEH overwrite to achieve remote code execution on vulnerable Windows systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: mIRC 6.1
No auth needed
Prerequisites: Victim must visit a malicious URL · mIRC 6.1 installed on Windows 2000 or XP
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/2665
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/9996
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13405
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8819

Scores

EPSS 0.3571
EPSS Percentile 98.3%

Details

CWE
CWE-119
Status published
Products (1)
mirc/mirc < 6.1
Published Dec 31, 2003
Tracked Since Feb 18, 2026