Trillian Issues Security Update

Trillian developer Cerulean released an update Monday to address issues within the instant messaging product, including a buffer overflow vulnerability that could give an attacker control of a user's computer. iDefense said in an advisory that the issue lies in how the client handles UTF-8 messages, and the flaw could be exploited when an unusually long UTF-8 string is sent.

iDefense detected the issue through use of the MSN protocol, although it warned that other protocols may be at risk. Trillian also supports, AIM, Yahoo, ICQ, and IRC. The flaw was detected in version 3.1.5.1 of the product, and previous versions may also be at risk. All users are urged to upgrade to the latest version.