Winamp mIRC plugin vulnerability

Affected Software

  • Nullsoft mIRC Control Plug-in v0.6 (gen_mirc.dll) and other versions
  • mIRC Control EX Plug-In V 2.00 (gen_ircex.dll) and other versions
  • mIRCPlug v1.0,1.2 (gen_mircplug.dll)
  • ... maybe other plugins?

Description

These plugins allow Winamp to notify mIRC of what track you are playing. The user can configure what command the plugin sends to mIRC, e.g. "/set %currentsong %s", where %s is replaced by the name of the current song, taken from the ID3v tag.

By putting a "|" (command separation character) and mIRC commands in the ID3v tag and tricking the user into playing the mp3, an attacker can take full control over a victim's computer.

Exploit

Setting the song name in the ID3v tag of an mp3 to "t | /run notepad" and playing it with Winamp, with the plugin installed and enabled and mIRC running, would start notepad.

notepad.mp3
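
One way a plugin could build the command safely, as an added example that is not the code of any of the plugins listed above: the song title is passed through an allowlist before it replaces %s, so the "|" separator never reaches mIRC. The function names, the allowlist itself and the 128-byte title buffer are assumptions made for this sketch.

```c
#include <stddef.h>
#include <string.h>

static int ascii_alnum(unsigned char c) {
    return (c >= '0' && c <= '9') || ((c | 32) >= 'a' && (c | 32) <= 'z');
}

/* Allowlist (an assumption): ASCII alphanumerics, space and - _ . , ' */
static int title_char_ok(unsigned char c) {
    return ascii_alnum(c) || (c != '\0' && strchr(" -_.,'", c) != NULL);
}

/* Copy the tag field into out, stopping at in_len or the first NUL (tag
 * fields may be fixed-width and padded). Bytes outside the allowlist,
 * including '|', become '_'. Returns the number of bytes written. */
size_t sanitize_title(const char *in, size_t in_len, char *out, size_t out_cap) {
    size_t n = 0;
    if (out_cap == 0) return 0;
    for (size_t i = 0; i < in_len && in[i] != '\0' && n + 1 < out_cap; i++)
        out[n++] = title_char_ok((unsigned char)in[i]) ? in[i] : '_';
    out[n] = '\0';
    return n;
}

/* Find the "%s" placeholder, skipping mIRC variable names such as %song. */
static const char *find_slot(const char *t) {
    const char *p = strstr(t, "%s");
    while (p && ascii_alnum((unsigned char)p[2]))
        p = strstr(p + 2, "%s");
    return p;
}

/* Build the command without ever using tmpl as a printf format string.
 * Returns 0 on success, -1 if there is no placeholder or out is too small. */
int build_mirc_command(const char *tmpl, const char *title, size_t title_len,
                       char *out, size_t out_cap) {
    char clean[128];
    const char *slot = find_slot(tmpl);
    if (slot == NULL) return -1;
    size_t head = (size_t)(slot - tmpl);
    size_t len = sanitize_title(title, title_len, clean, sizeof clean);
    if (head + len + strlen(slot + 2) + 1 > out_cap) return -1;
    memcpy(out, tmpl, head);
    memcpy(out + head, clean, len);
    strcpy(out + head + len, slot + 2);
    return 0;
}
```

With the template and song name quoted above, the result is a single /set command whose value is "t _ _run notepad".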