Miranda repairs the reported vulnerabilities

Nov 13, 2007 14:23 GMT  ·  By

Miranda has always been described as one of the best alternatives to the traditional instant messaging clients such as Yahoo Messenger, Windows Live Messenger, Jabber and many others. In fact, Miranda allows a single user to access all these networks from one simple window without having to install additional programs on his/her computer. A few days ago, security company Secunia reported a vulnerability in Miranda which could allow an attacker to compromise an affected computer. Secunia rated the flaw as less critical but the folks working at Miranda quickly patched it, releasing the update product today.

"The vulnerability is caused due to a format string error within "ext_yahoo_contact_added()" in yahoo.c and can be exploited via a "Y7 Buddy Authorization" packet containing format string specifiers," Secunia wrote in the advisory published on November 9. The Miranda developers confirmed the vulnerability in the 0.7.1 version so all the users must update their products to the 0.7.3 release rolled out today.

The Miranda 0.7.3 release notes contain two major changes: one of them in the MSN protocol - URL encoding of utf8 was broken and the other one in Jabber - a contact list vulnerability was fixed. "Due to the nature of these changes, it is recommended that all users upgrade as soon as possible," the Miranda developers wrote on the official page of the product.

Just like other software solutions in its category, Miranda is pretty useful if you intend to communicate on more instant messaging networks from only one solution. Imagine that you want to chat with your friends on Yahoo Messenger, Windows Live Messenger, ICQ, Jabber and IRC. You'd be forced to install no less 5 applications and run them at the same time. But with Miranda, it's pretty easy because all you need to do is configure your accounts in Miranda and talk with all your friends from only one window.