Text bug blights Trillian
Rather Dented
Posted in Security, 19th June 2007 11:09 GMT
Users of the popular Trillian instant messaging client need to update their software following the discovery of a serious security bug.
The multi-protocol chat application from Cerulean Studios is subject to a heap overflow vulnerability because of programming errors involving the word-wrapping of UTF-8 text.
As a result, hackers might be able to crash versions of the application, thereby loading exploit code onto vulnerable systems. Viewing a malicious message containing a specially malformed UTF-8 string would be enough to trigger the attack.
"The MSN protocol is a known attack vector for this vulnerability. However, exploitation could potentially occur using any supported protocol," an advisory by iDefense warns.
Users are advised to update to a patched version of Trillian, version 3.1.6.0, in order to guard against attack, as explained in a posting on Cerulean Studios' Trillian blog. ®