Smokey's Security Weblog

veritas odium parit

Highly critical vulnerability in Trillian

Juan Pablo Lopez Yacubian found a highly critical flaw in the popular Trillian chat client that supports AIM, ICQ, MSN, Yahoo Messenger, and IRC.

Secunia: the vulnerability is caused due to an error within the processing of “Display Names” in messages. This can be exploited to cause a memory corruption by e.g. setting the “Display Name” to a specially crafted, overly long string and sending an overly long message to another user using the MSN protocol.

The flaw affect Trillian Basic v3.x and Trillian Pro v3.x

At the moment of writing this vulnerability is still unpatched so take care and add only trusted users to the contact list!

Source: Neohapsis


April 27, 2008 - Posted by | Advisories, Alerts, Downloads, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: