
Another of the vulnerabilities is caused by an error in the way the tool handles long CTCP PING messages, which can be exploited to make a vulnerable user inadvertently send sensitive information to the attacker. A further flaw is a heap overflow that occurs when the tool highlights long URLs, which remote attackers can exploit to execute arbitrary code.
The flaws affect Cerulean Studios Trillian version 3.1. The US-based software company has addressed the bugs in version 3.1.5.0.