Text bug blights Trillian | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

Enabling the Data Center Metamorphosis
From Fixed To Fluid
Eliminating the Security Risk of Sending Confidential Information by Email
Email Encryption
Gartner Paper: US Data Centers - The Calm Before the Storm
How to handle future energy demands
Search Engine Link Spam
Risks, Threats, Solution
Solution Brief: Reduce Energy Costs
With Green IT Solutions
The Botnet Threat
Targeting Your Busines

The Register » Security »

Text bug blights Trillian

Rather Dented

By John Leyden → More by this author

Published Tuesday 19th June 2007 11:09 GMT

Gartner Report: How IT Management Can "Green" the Data Center - Free Download

Users of the popular Trillian instant messaging client need to update their software following the discovery of a serious security bug.

The multi-protocol chat application from Cerulean Studios is subject to a heap overflow vulnerability because of programming errors involving the word-wrapping of UTF-8 text.

As a result, hackers might be able to crash versions of the application, thereby loading exploit code onto vulnerable systems. Viewing a malicious message containing a specially malformed UTF-8 string would be enough to trigger the attack.

"The MSN protocol is a known attack vector for this vulnerability. However, exploitation could potentially occur using any supported protocol," an advisory by iDefense warns.

Users are advised to update to a patched version of Trillian - version 3.1.6.0 - in order to guard against attack, as explained in an posting on Cerulean Studios' Trillian blog here. ®

Free Analyst Paper: Overcoming Energy Demands on US Data Centers

1 comment posted — Comment period finished

Don't Panic!

Posted: 09:57 20th June 2007

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Trillian blighted by security bug trio (23 May 2008)
Yahoo! battered by second ActiveX vulnerability (3 September 2007)
Yahoo! patch squashes messenger bug (8 June 2007)
Skype worm leaps onto MSN (24 May 2007)
Skype IM malware smut surfaces (16 April 2007)
Microsoft and Yahoo! 'to merge IM chat' (12 October 2005)
AOL blocks Trillian IM access (31 January 2002)

Post to Slashdot

Add to del.icio.us

Previous Article

whitepaper title

Enabling the Data Center Metamorphosis

This independent analyst paper gives real world advice on transforming your datacenter into a streamlined, dynamic, liquid engine capable of handling growth..

whitepaper title

Eliminating the Security Risk of Sending Confidential Information by Email

80% of security breaches are caused by people inside a company. Learn how to eliminate the risks of emailing confidential information.

Whitepapers	Jobs
SSL in High-Security Browsers The Data Governance Maturity Model Making mobility manageable How To Tackle Enterprise Spyware	We Are Still Hiring Experienced Perl Developers! Perl programmer: Challenging projects, brilliant coworkers Perl Developer 2 perl scripts for online retail business small job Infrastructure/Perl Developer (Financial Firm)

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search