Security researchers have issued a warning of a flaw in the Trillian
cross-platform instant messaging (IM) client that puts users at risk of
malicious hacker attacks.
The vulnerability has been reported in Trillian 0.74i, which is a
free version of the product distributed by Cerulean Studios.
An advisory from
Secunia attached a “moderately critical” rating to the flaw, saying it exists in the
MSN Module, which allows the client to connect to Microsoft’s chat
network.
Secunia said the vulnerability is caused by a boundary error
within the MSN module and can be exploited to cause a buffer overflow by passing an
overly long string (about 4096 bytes) from an MSN Messenger server.
“Successful exploitation requires that a malicious person either
intercepts and manipulates traffic sent from an MSN Messenger server to
the user or get the user’s Trillian to connect to a malicious MSN
messenger server,” according to the alert.
Efforts by internetnews.com to contact Cerulean Studios for
comment were unsuccessful.
