[原文]The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands.
mIRC contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered due to the DCC Server command, which doesn't properly filter charachters (such as . and \) from file names. It is possible that the flaw may allow a remote attacker to place arbitrary code in a different location, such as the autostart directory, and then require the victim to execute those code, resulting in a loss of integrity.
Upgrade to version 5.91 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.