Flaw fixed in Trillian IM program

Cerulean Studios has released version 3.1.6.0 of its popular Trillian IM application, fixing a flaw attackers could exploit to run malicious code on targeted machines.

“iDefense Labs has notified us of a security vulnerability in Trillian 3.x, and we worked last week to resolve it and issue a patch,” the company said in its Trillian blog.

According to iDefense Labs, the problem is a heap overflow vulnerability that attackers could exploit to execute arbitrary code as the currently logged-on user.

“The vulnerability specifically exists due to improper handling of UTF-8 sequences,” iDefense said. “When word-wrapping UTF-8 text, the window width is improperly used as a buffer size value. As such, heap corruption can occur leading to a potentially exploitable condition.”
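The bug class iDefense describes, shown from the defensive side as an added illustration; this is not Trillian's code and not from the advisory. It assumes the wrap width is a count of characters, so a buffer sized by it undercounts multi-byte UTF-8 text. The function names are hypothetical and the sample string is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Length implied by a UTF-8 lead byte; invalid bytes count as 1. */
static size_t utf8_seq_len(unsigned char b) {
    if ((b & 0xE0) == 0xC0) return 2;
    if ((b & 0xF0) == 0xE0) return 3;
    if ((b & 0xF8) == 0xF0) return 4;
    return 1;
}

/* Bytes occupied by the first `cols` characters of src. Stops at NUL and
   never reads past a truncated sequence. */
size_t utf8_bytes_for_cols(const char *src, size_t cols) {
    size_t bytes = 0;
    while (cols-- > 0 && src[bytes] != '\0') {
        size_t n = utf8_seq_len((unsigned char)src[bytes]), i = 1;
        while (i < n && ((unsigned char)src[bytes + i] & 0xC0) == 0x80) i++;
        bytes += i;
    }
    return bytes;
}

/* Copy one wrapped line of at most `cols` characters into dst, bounded by
   dst_size in BYTES. Whole sequences only; returns bytes copied. */
size_t wrap_line(char *dst, size_t dst_size, const char *src, size_t cols) {
    size_t out = 0;
    if (dst_size == 0) return 0;
    while (cols-- > 0 && src[out] != '\0') {
        size_t n = utf8_bytes_for_cols(src + out, 1);
        if (out + n >= dst_size) break;      /* keep room for the NUL */
        memcpy(dst + out, src + out, n);
        out += n;
    }
    dst[out] = '\0';
    return out;
}

int main(void) {
    /* constructed sample: four euro signs, 3 bytes each */
    const char *text = "\xE2\x82\xAC\xE2\x82\xAC\xE2\x82\xAC\xE2\x82\xAC";
    size_t cols = 4;      /* assumed wrap width, in characters */
    char line[4 + 1];     /* sized from the width, as in the flawed pattern */
    printf("width %zu needs %zu bytes\n", cols, utf8_bytes_for_cols(text, cols));
    printf("bounded copy wrote %zu bytes\n", wrap_line(line, sizeof line, text, cols));
    return 0;
}
```

A four-character line here needs 12 bytes, so a buffer sized from the width holds only one whole character; the bounded copy stops there where an unchecked one would write past the allocation.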

Trillian is a popular multi-protocol chat application that supports the IRC, ICQ, AIM and MSN protocols.
