In Win32 binary release of sub-project XTelnet there are vulnerable OpenSSL DLL files. All users ar encouraged to upgrade to the latest version.
In-depth
From Secunia's advisory at http://secunia.com/advisories/37291/:
---
Description:
A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to manipulate certain data.
The vulnerability is caused due to an error in the TLS protocol while handling session re-negotiations. This can be exploited to insert arbitrary plaintext before data sent by a legitimate client in an existing TLS session via Man-in-the-Middle (MitM) attacks.
Successful exploitation may allow e.g. sending an arbitrary HTTP request under an authenticated context if certificate-based authentication is used by the server.
All Windows users using binary builds are strongly encouraged to download the latest version of XTelnet.
Time line
2009-11-06 - Received notification about OpenSSL vulnerability from http://secunia.com/.
2009-11-12 - Release of VooDoo cIRCle 1.1.38, public disclosure - this advisory.