The discovery of a trio of security bugs means that users of the popular Trillian instant messaging client need to update their software.
All three of the newly discovered bugs create a means for hackers to inject malware onto the PCs of surfers running vulnerable versions of the multi-protocol chat application from Cerulean Studios. The vulnerabilities involve flaws in how Trillian parses MSN protocol traffic, an error within XML parsing, and a third flaw involving the processing of messages with long (malformed) attribute values within the FONT tag can be exploited.
Users need to update to Trillian version 18.104.22.168, as described in an advisory by security notification firm Secunia here. ®