CVE-2019-6453

HIGH

mIRC < 7.55 - Remote Command Execution via Custom URI Protocol Handler

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2019-6453. PoCs published by ProofOfCalc, proofofcalc, andripwn.

AI-analyzed exploit summary This exploit leverages argument injection via mIRC's URI protocol handlers to load a remote configuration file and execute arbitrary code. The PoC includes a custom mirc.ini and calc.ini to trigger a calc.exe payload.

Description

mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).

Exploits (3)

exploitdb WORKING POC
by ProofOfCalc · textremotewindows
https://www.exploit-db.com/exploits/46392

This exploit leverages argument injection via mIRC's URI protocol handlers to load a remote configuration file and execute arbitrary code. The PoC includes a custom mirc.ini and calc.ini to trigger a calc.exe payload.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: mIRC < 7.55
No auth needed
Prerequisites: mIRC < 7.55 installed · mIRC set as default handler for irc:// URI scheme · Attacker-controlled Samba file server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 50 stars
by proofofcalc · poc
https://github.com/proofofcalc/cve-2019-6453-poc

This PoC demonstrates a Remote Code Execution vulnerability in mIRC <7.55 via argument injection through the irc:// URI protocol handler. It leverages a custom mirc.ini file hosted on a Samba server to execute arbitrary commands (e.g., calc.exe) when a victim visits a malicious HTML page.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: mIRC <7.55
No auth needed
Prerequisites: mIRC <7.55 installed · mIRC set as default handler for irc:// URIs · Attacker-controlled Samba server · Victim visits malicious HTML page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by andripwn · poc
https://github.com/andripwn/mIRC-CVE-2019-6453

This PoC demonstrates a Remote Code Execution (RCE) vulnerability in mIRC <7.55 via argument injection through the irc:// URI protocol handler. It leverages a custom mirc.ini file hosted on a Samba server to execute arbitrary commands, such as launching calc.exe.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: mIRC <7.55
No auth needed
Prerequisites: mIRC set as default handler for irc:// URIs · Samba file server hosting malicious mirc.ini and calc.ini · Victim visits crafted HTML page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46392/
Third Party Advisory x_refsource_misc
https://proofofcalc.com/advisories/20190218.txt
Exploit, Third Party Advisory x_refsource_misc
https://github.com/proofofcalc/cve-2019-6453-poc
Product x_refsource_misc
https://www.mirc.com/news.html
Exploit, Third Party Advisory x_refsource_misc
https://proofofcalc.com/cve-2019-6453-mIRC/
Exploit, Third Party Advisory x_refsource_misc
https://twitter.com/proofofcalc/status/1097518413143003136

Scores

CVSS v3 8.1
EPSS 0.7178
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-88
Status published
Products (1)
mirc/mirc < 7.55
Published Feb 18, 2019
Tracked Since Feb 18, 2026