Original URL: http://www.theregister.co.uk/2008/05/23/trillian_security_bug/

Trillian blighted by security bug trio

Parse the sick bag

By John Leyden

Posted in Security, 23rd May 2008 10:42 GMT

The discovery of a trio of security bugs means that users of the popular Trillian instant messaging client need to update their software.

All three of the newly discovered bugs create a means for hackers to inject malware onto the PCs of surfers running vulnerable versions of the multi-protocol chat application from Cerulean Studios. The vulnerabilities involve flaws in how Trillian parses MSN protocol traffic, an error within XML parsing, and a third flaw involving the processing of messages with long (malformed) attribute values within the FONT tag can be exploited.

Users need to update to Trillian version 3.1.10.0, as described in an advisory by security notification firm Secunia here. ®