RealTime IT News

Trillian MSN Module Flaw Warning

Security researchers have issued a warning of a flaw in the Trillian cross-platform instant messaging (IM) client that puts users at risk of malicious hacker attacks.

The vulnerability has been reported in Trillian 0.74i, which is a free version of the product distributed by Cerulean Studios.

An advisory from Secunia attached a "moderately critical" rating to the flaw, saying it exists in the MSN Module, which allows the client to connect to Microsoft's chat network.

Secunia said the vulnerability is caused by a boundary error within the MSN module and can be exploited to cause a buffer overflow by passing an overly long string (about 4096 bytes) from an MSN Messenger server.

"Successful exploitation requires that a malicious person either intercepts and manipulates traffic sent from an MSN Messenger server to the user or get the user's Trillian to connect to a malicious MSN messenger server," according to the alert.

Efforts by internetnews.com to contact Cerulean Studios for comment were unsuccessful.