Trillian MSN Module Flaw Warning
Page 1 of 1
Security researchers have issued a warning of a flaw in the Trillian cross-platform instant messaging (IM) client that puts users at risk of malicious hacker attacks.
The vulnerability has been reported in Trillian 0.74i, which is a free version of the product distributed by Cerulean Studios.
An advisory from Secunia attached a "moderately critical" rating to the flaw, saying it exists in the MSN Module, which allows the client to connect to Microsoft's chat network.
Secunia said the vulnerability is caused by a boundary error within the MSN module and can be exploited to cause a buffer overflow by passing an overly long string (about 4096 bytes) from an MSN Messenger server.
"Successful exploitation requires that a malicious person either intercepts and manipulates traffic sent from an MSN Messenger server to the user or get the user's Trillian to connect to a malicious MSN messenger server," according to the alert.
Efforts by internetnews.com to contact Cerulean Studios for comment were unsuccessful.