mIRC Security Flaw

Published by

Starting Oct 12, 2003, an exploit was used to crash many people's mIRC clients. All versions from 6.0 thru the recently released 6.11 are affected. (It does not appear to affect version 5.91 or earlier.) The exploit involves a type of DCC command which can be sent to any person or channel, no matter what your DCC options are. (DCC is used to trade files or for DCC chat.) The author of mIRC has been notified, presumably an official fix will be forthcoming "soon" but that is up to him. In the meantime, please don't clamor for more information, everything we are at liberty to say is here.

Read More for a command and more information For now, the only known fix is to ignore all DCC requests entirely. Just type the following command, on a new line by itself in any chat window, beginning with the slash character:

/ignore -wd *

(We don't advise downgrading to 5.x, since those have known exploits and multi-server doens't work. Do you really need warez/porn that badly that you can't ignore DCCs a few days? Err, don't answer that.)
This page will be updated as necessary. Check EFnet #mIRC topic (use /raw list #mIRC if you cannot join) for updates too. The information was contributed by EFnet helpers from many sources, working together in harmony without ego or drama, who knew. It is not an official message from the author of mIRC.

The following is for geeks, most people can stop reading. :-)

Irchelp.org