Thanks for your post, though the author of the code clearly does not use english as their primary language, it may help to explain it a bit further.
To summarise, elements of the locally opened "DCC Get Folder" dialog do not perform proper bounds checking, allowing a *local* user to perform commands with the same privileges (edit: strike as the running mirc.exe
). In most cases mIRC does not run with higher privileges anyway.
While this of course should be fixed, I would not consider it critical, in fact if a user has reached the "DCC Get Folder" they can select applications or commands to be run on receival of a file anyway, and IIRC can reach and disable the 'lock gets' option (I think?).
The more pressing security issue would be how the user managed to compile or place any executable on the target machine and then run it.
[edit: the exploit does not allow for privilege elevation, merely access to cmd.exe or whatever call required.]