Security researchers have issued a warning of a flaw in the Trillian cross-platform instant messaging (IM) client that puts users at risk of malicious hacker attacks.
The vulnerability has been reported in Trillian 0.74i, which is the current free version of the product distributed by Cerulean Studios.
An advisory from Secunia attached a "moderately critical" rating to the flaw, saying it exists in the MSN Module, which allows the client to connect to Microsoft's chat network.
Secunia said the vulnerability is caused by a boundary error within the MSN module and can be exploited to cause a buffer overflow by passing an overly long string (about 4096 bytes) from an MSN Messenger server.
"Successful exploitation requires that a malicious person either intercepts and manipulates traffic sent from an MSN Messenger server to the user or gets the user's Trillian to connect to a malicious MSN messenger server," according to the alert.
Efforts by internetnews.com to contact Cerulean Studios for comment were unsuccessful.
