Trillian contains a highly critical vulnerability

May 1, 2007 10:40 GMT

Trillian is currently a well-known Yahoo Messenger alternative that can connect to the most popular instant messaging protocols. Among others, Trillian can connect to the Yahoo network, Jabber and ICQ, offering users almost the same functions as the original clients provided by their developers. However, Trillian's producers are currently working on Astra, the next version of the application that will surely challenge its rivals. That's why I think the developers somehow forgot the 3.1 version that seems to be vulnerable to malicious attempts. Security company Secunia discovered a flaw in Trillian 3.1 that might allow an attacker to gain access to the information stored on the computer or even take control of the affected system.

As far as I can see, the vulnerability was identified in the IRC module included in Trillian, a protocol that enables users to chat using the old-fashioned communications network. "An error within the copy operation in an IRC message window (by highlighting the text) can be exploited to cause a heap-based buffer overflow via an overly long URL string consisting of UTF-8 characters," Secunia described the issue.

Basically, the flaw might be exploited when an attacker sends a CTCP PING packet to the affected system, a request that Trillian is unable to handle. "This could allow the next line to be sent to the attacker instead of the server," Secunia added.

At this time, there is only one solution available for all Trillian users: update to version 3.5.1.0, a release that is also available on Softpedia as a free download. If you still think Trillian must be replaced with another similar application, check out this article for more alternatives for the old-fashioned Yahoo Messenger.