New version of Miranda fixes vulnerabilities
The developers of the Miranda open source instant messaging application have released version 0.7.1. According to the changelog, the new version fixes several security issues, including a series of critical vulnerabilities in the ICQ, IRC, Jabber and Yahoo modules which could be exploited by attackers using crafted chat messages to inject and execute arbitrary malicious code. Various minor programming errors have also been fixed. Miranda has also gained some new features. For example, the ICQ module now supports ICQ 6 images, the MSN module can now show nicknames for each message and skin support performance has been improved.
The developers have not, however, remedied the security vulnerability in Miranda arising from the URI vulnerability in Windows. Developers of other affected programs, such as Firefox and Skype, have responded to this problem and adapted their applications to prevent exploitation of this Windows vulnerability. Microsoft has now conceded that it needs to carry out remedial work, but has not yet released an official solution to the problem. Installation of the problematic unofficial URI patch is, however, definitely to be avoided. Miranda users should therefore continue to exercise maximum caution when clicking on links in chat messages.
- Release Notes and Changelog on new version of Miranda
- URI problem also affects Acrobat Reader and Netscape, heise Security