By Tyler Cole Mar 27, 2005, 0:05 GMT
LogicLibrary has discovered a security flaw in Trillian, the IM program created by Cerulean Studios.
Cerulean co-founder and CEO Scott Werndorfer said the buffer-related vulnerability is of "extremely low risk."
In an e-mail sent to CNET News.com on Friday, he said that attackers would need to construct an entire fake IM software client for the sole purpose of sending a malicious request to a Trillian user.
He said, that person would then have to actually accept that message request in order for the attacker to take advantage of the flaw.
Werndorfer pledged that the hole will be patched in the next release of Trillian and said that many of the buffer problems were fixed in the 3.1 version of the application. He strongly encouraged all Trillian users to "exercise extreme caution" when accepting file transfers or any other form of communication from any unknown contacts.
Your Talkback on this Story