Security update for Trillian instant messenger
The Zero Day Initiative have identified three vulnerabilities in the Trillian Instant Messenger application. Errors in the processing of XML code can lead to buffer overflows, while another flaw in the XML processing leads to memory corruption. A flaw exists in tooltip handling, which itself relies on generating a XML tag when handling an image, possibly leading to a stack overflow. ZDI rate all three flaws as capable of allowing an unauthenticated user to remotely execute code.
According to the Zero Day Initiative, these bugs affect all versions before version 220.127.116.11, which was released by Cerulean to fix these security issues and to fix an issue with the MSN engine which was causing crashes.