Cerulean Studios has released version 220.127.116.11 of its popular Trillian IM application, fixing a flaw attackers could exploit to run malicious code on targeted machines.
“iDefense Labs has notified us of a security vulnerability in Trillian 3.x, and we worked last week to resolve it and issue a patch,” the company said in its Trillian blog.
According to iDefense, Labs, the problem is a heap overflow vulnerability attackers could exploit to execute arbitrary code as the currently logged on user.
“The vulnerability specifically exists due to improper handling of UTF-8 sequences,” iDefense said. “When word-wrapping UTF-8 text, the window width is improperly used as a buffer size value. As such, heap corruption can occur leading to a potentially exploitable condition.”
Trillian is a popular multi-protocol chat application that supports the IRC, ICQ, AIM and MSN protocols.