“A new DCC security issue has been discovered in mIRC. This is a completely new DCC exploit unrelated to previous exploits, and all versions are vulnerable to this new discovery, including the new 6.14.
Malicious users have already been found who abuse this exploit against users.
This new exploit is rather serious as it does not just crash a mIRC client, but allows the malicious user to execute arbitrary code, as well as perform any mIRC command.
At this point no patch is available to close the exploit. Ignoring all DCC requests, or having a proxy in between the client and the user which blocks DCC requests will prevent the exploit being abused.
You can either ignore DCC’s from the configuration panel which can be accessed through ALT-O, or use the following command from any window: /ignore -wd *”

That was the bug I posted about … not the other one.

4 thoughts on “mIRC

  1. It’s okay …… I’ll not be mentioning any alerts which are flooded across the irc network again.
    Efnet and Freenode were flooded with that warning, but hey, guess they were wrong too.

Comments are closed.