Security Bytes

Jun 19 2007   8:05AM GMT

Flaw fixed in Trillian IM program

Leigha Cardwell

Cerulean Studios has released version 3.1.6.0 of its popular Trillian IM application, fixing a flaw attackers could exploit to run malicious code on targeted machines.

“iDefense Labs has notified us of a security vulnerability in Trillian 3.x, and we worked last week to resolve it and issue a patch,” the company said in its Trillian blog.

According to iDefense Labs, the problem is a heap overflow vulnerability that attackers could exploit to execute arbitrary code as the currently logged-on user.

“The vulnerability specifically exists due to improper handling of UTF-8 sequences,” iDefense said. “When word-wrapping UTF-8 text, the window width is improperly used as a buffer size value. As such, heap corruption can occur leading to a potentially exploitable condition.”
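The bug class iDefense describes, a width counted in characters being used as a size in bytes, can be shown with an added C example (this is not Trillian's code): a line-wrapping copy that enforces the column limit and the destination's byte limit separately. The function names, the sample string and the one-code-point-per-column simplification are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: ten 'e-acute' characters, 2 bytes each in UTF-8 (20 bytes). */
static const char SAMPLE[] = "\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9"
                             "\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9\xC3\xA9";

/* Byte length of the UTF-8 sequence that starts with lead byte b. */
static size_t utf8_seq_len(unsigned char b) {
    if (b < 0x80) return 1;
    if ((b & 0xE0) == 0xC0) return 2;
    if ((b & 0xF0) == 0xE0) return 3;
    if ((b & 0xF8) == 0xF0) return 4;
    return 1; /* stray continuation or invalid byte: copy it as one unit */
}

/* Worst-case bytes for `cols` UTF-8 characters plus the NUL; 0 on overflow. */
size_t wrap_buf_size(size_t cols) {
    return cols > (SIZE_MAX - 1) / 4 ? 0 : cols * 4 + 1;
}

/* Copy one wrapped line of at most `cols` characters from src into dst, which
 * holds dst_size bytes. Returns the bytes consumed from src. The column limit
 * and the byte limit are separate checks, so a destination sized from the
 * width alone truncates the line instead of overflowing.
 * Assumption: one code point occupies one column (no wide or combining forms).
 * Continuation bytes are not validated; the bounds hold regardless. */
size_t wrap_line(const char *src, size_t cols, char *dst, size_t dst_size) {
    size_t in = 0, out = 0, used_cols = 0, src_len = strlen(src);
    if (dst_size == 0) return 0;
    while (in < src_len && used_cols < cols) {
        size_t n = utf8_seq_len((unsigned char)src[in]);
        if (n > src_len - in) n = src_len - in; /* sequence cut off at end of input */
        if (out + n >= dst_size) break;         /* byte bound, keeps room for NUL */
        memcpy(dst + out, src + in, n);
        in += n; out += n; used_cols++;
    }
    dst[out] = '\0';
    return in;
}

int main(void) {
    char line[41]; /* wrap_buf_size(10) */
    size_t used = wrap_line(SAMPLE, 10, line, sizeof line);
    printf("10 columns consumed %zu bytes\n", used);
    return 0;
}
```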

Trillian is a popular multi-protocol chat application that supports the IRC, ICQ, AIM and MSN protocols.
