Following the discovery of a fairly severe security flaw, the popular conglomerate messaging suite, Trillian, has been updated. Yesterday, Cerulean Studios released version 220.127.116.11 of the program, which is available for download already. The flaw was initially noticed back in May, but was not made public until recently.
Like many flaws of this nature, it can lead to code execution and ultimately system compromise:
"Exploitation of this vulnerability could allow remote attackers to execute arbitrary code with the credentials of the currently logged on user.
Exploitation occurs simply by viewing a malicious message that contains a specially constructed UTF-8 string."
The Trillian blog does not say whether anyone has been affected by this flaw. If you are using a 3.x branch of Trillian, you should update when you can.