DC++ 0.802 and below incorrectly registers URI schemes in Windows

Background
DC++ [1] is a chat and file sharing application for the Direct Connect [2] network.

DC++ registers three URI schemes in Microsoft Windows; dchub, adc and magnet. Microsoft outlines the approach in 'Registering an Application to a URI scheme' [3].

Security issue description
DC++ 0.802 and below registers the application in the registry key "HKEY_CURRENT_USER/Software/Classes/adc/Shell/Open/Command" (for adc, likewise for dchub and magnet). DC++ registers the application with the following command;
"C:\Program Files (x86)\DC++\DCPlusPlus.exe" %1
(where the path mentioned is where DC++ is installed)

Microsoft notes in the 'launching the handler' section that an application should register itself with quotation marks around the parameter that is passed to the application. DC++ 0.802 and below do not do this, as shown above. Microsoft specifies that the proper registration should look like;
"C:\Program Files (x86)\DC++\DCPlusPlus.exe" "%1"

Microsoft notes in the same article potential attack vectors and potential formatting problems.

Fix description
A fix was deployed to the DC++ source control on 4th of January, 2013 [4], with the suggested changes from Microsoft. This fix is in DC++ 0.810.

Exploits
No known attacks or exploits are reported at this time.

Affected versions: 0.802 and below. Additionally, any modification of the application may be affected.

Found and fixed by: Fredrik Ullner <ullner at gmail.com>

References
[1] http://dcplusplus.sourceforge.net/
[2] http://en.wikipedia.org/wiki/Direct_Connect_(file_sharing)
[3] http://msdn.microsoft.com/en-us/library/aa767914.aspx
[4] http://bazaar.launchpad.net/~dcplusplus-team/dcplusplus/trunk/revision/3166
[5] http://sourceforge.net/projects/dcplusplus/files/DC%2B%2B%200.810/DCPlusPlus-0.810.exe/download?utm_expid=65835818-0&utm_referrer=http%3A%2F%2Fdcplusplus.sourceforge.net%2Fdownload.html