Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
A remote overflow exists in Cerulean Studios' Trillian and Trillian Pro. The Yahoo Messenger packet parser fails to properly handle oversized packet key names resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of confidentiality, integrity, and availability.
Upgrade to Trillian version 0.74G or Trillian Pro version 2.011 or higher, as it has been reported to fix this vulnerability. Patches are also available. An upgrade is required as there are no known workarounds.