A serious bug can do execute a malicious code from a cracker.

Bug was discovered and announced Sunday 3 Feb, when K. Mardam-Bey has released new version of mIRC (6.0).

Bug is a buffer overflow, which determine nick assignment when an user try to connect at IRC server. It's possible send a nickname more large of 200 characters and force to connect it to an aggressive IRC server.
Cracker can also use a HTML code (web pages or e-mail) to force launch mIRC and connect it at a determined IP address.

All mIRC's version antecedent 6.0 are vulnerable.

In this moment aren't patch.

For details http://www.punto-informatico.it/p.asp?i=38934 (italian language).