Researchers have reported a vulnerability in the Trillian instant messaging application, adding to the rapid development of IM-related security threats.
Workers at LogicLibrary, a company that makes software development tools, including programs designed to catch bugs before applications go into production, said they have unearthed a potential flaw in the IM client made by Cerulean Studios.
According to LogicLibrary, the vulnerability could allow malicious-code writers to do anything from shutting down individual programs on computers running Trillian to gaining complete control of a machine’s operating system.
The company said the flaw in Cerulean’s software revolves around an unbounded buffer problem in Trillian 3.1, the latest version of the application. However, LogicLibrary said the issue springs from a vulnerability it first found and reported to Cerulean in the Trillian 2.0 release of the IM software.
LogicLibrary said it began contacting Cerulean regarding the issue in 2003 but believes that later versions of Trillian failed to eliminate all the software’s flaws. The company believes that the same code that made Trillian 2.0 vulnerable has been copied directly into Trillian 3.1.