There are two solutions for 6.03 users. The first one is as simple as this:
  • On *:logon:*:.ignore -wd *
    On *:notice:dcc & *:?:.ignore -xu10 $nick
Since any valid DCC request must be preceded by a private notice, only people who send it will be added to the ignore exceptions. In this way, those exploiters who join busy channels and send a channel-wide CTCP to everyone will be totally ignored.

This code however doesn't guarantee you will be 100% protected, because if a smart exploiter fakes a private notice followed by the crashing CTCP, your mIRC will end up dead. But I think that would rarely happen, if at all, and you can still be happy with this code.

Another solution covers the rare possibility as well, by comparing the file that is specified in the private notice against the file that is included in the CTCP message and rejecting it in case of mismatch.

This script is a little bit longer than the other solution so I won't bother the readers, but you can get it here.

Although this one should completely protect you against malicious exploiters, it has two disadvantages of its own - it only reacts on DCC sends, leaving chats and fserves ignored, and and it doesn't let you request resume for partially-downloaded files due to the way it works.

So far both solutions seem to work as expected, but it would be nice like to get some feedback from you.

Good luck laugh