I. BACKGROUND

mIRC is "a friendly IRC client that is well equipped with options and tools". More information about the application is available at http://www.mirc.com

II. DESCRIPTION

The 'URL handler' allows a user to double-click a URL posted in a channel or in a query. The URL is then opened in the default browser. The 'URL handler' fails to filter/ignore colour codes in links, making 'URL spoofing' possible.

III. ANALYSIS

Sending a user a message such as "Oh my god Saddam just blew up Israel look for yourself on www.cnn.com0@www.paysite.com/ref.php?refid=spam-user" will lead the target to believe he is entering cnn.com, while he is in fact accessing www.paysite.com and giving clicks/cash/whatever to the 'attacker'. Note that the 0 is the colour white, which is the default background colour in mIRC, so the text that follows it is drawn white on white and the target does not see it.

IV. DETECTION

mIRC 6.03 and below (those versions that incorporate colour codes/URL handling) are found to be vulnerable.

V. WORKAROUND

unknown

VI. VENDOR FIX

unknown

VII. CVE INFORMATION

unknown

VIII. DISCLOSURE TIMELINE

unknown

IX. CREDIT

Knud Erik Højgaard/kokaninATdtors.net
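A check for the spoof described under ANALYSIS, as an added example that is not mIRC code or part of the original advisory: it compares the link text a user can see with the host the browser would open. It assumes colour codes are the byte 0x03 followed by optional "fg[,bg]" digits and that 0x0f resets formatting; the function names and the sample message (with the 0x03 byte placed before the 0) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: colour code = 0x03 + optional "fg[,bg]" digits; 0x0f resets.
# Bold/reverse/italic/underline toggles are stripped but not modelled.
CTRL = re.compile(r"\x03(?:(\d{1,2})(?:,(\d{1,2}))?)?|[\x02\x0f\x16\x1d\x1f]")
URLISH = re.compile(r"(?:https?://|www\.)\S+", re.I)
WHITE = 0  # default background colour, per the advisory

def render(raw, background=WHITE):
    """Return (text, mask): text without codes; mask[i] is True if text[i] is visible."""
    text, mask, pos = [], [], 0
    fg, bg = None, background  # None = default (visible) foreground

    def emit(chunk):
        text.append(chunk)
        mask.extend([fg != bg] * len(chunk))  # same fg and bg means invisible

    for m in CTRL.finditer(raw):
        emit(raw[pos:m.start()])
        pos = m.end()
        if m.group(0) == "\x0f" or m.group(0) == "\x03":
            fg, bg = None, background          # reset to defaults
        elif m.group(1) is not None:
            fg = int(m.group(1))
            if m.group(2) is not None:
                bg = int(m.group(2))
    emit(raw[pos:])
    return "".join(text), mask

def host(url):
    """Host a browser would contact; userinfo before '@' is not the host."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def spoofed_links(raw):
    """List (shown_text, real_host) for links whose visible host differs from the real one."""
    text, mask = render(raw)
    hits = []
    for m in URLISH.finditer(text):
        real = m.group(0)
        shown = "".join(c for c, v in zip(real, mask[m.start():m.end()]) if v)
        if host(shown) != host(real):
            hits.append((shown, host(real)))
    return hits

# Constructed sample: the advisory's link with the 0x03 control byte restored.
SAMPLE = "look for yourself on www.cnn.com\x030@www.paysite.com/ref.php?refid=spam-user"
```

A client or logging bot can run `spoofed_links` on each incoming message and warn, or refuse to open the link, when the list is not empty.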