A new version of an instant messenger called Trillian is now available. This updated version fixes a heap overflow vulnerability which was caused by programming errors i the word-wrapping process of UTF-8 text format.

According to The Register’s article, hackers can crash the program and an attack would trigger even if a user just viewed a malicious message.

A warning has been posted by iDefense and it said, “The MSN protocol is a known attack vector for this vulnerability. However, exploitation could potentially occur using any supported protocol.”

A blog entry was posted on Cerulean Studios’ Trillian blog about this specific update. The version number of the patched version is 3.1.6.0.

Source: The Register