UnrealIRCd 22.214.171.124, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands. Per: http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt
'Official precompiled Windows binaries (SSL and non-ssl) are NOT affected.
CVS is also not affected.
3.2.8 and any earlier versions are not affected.
Any Unreal126.96.36.199.tar.gz downloaded BEFORE November 10 2009 should be safe, but you should really double-check, see next.'