Vulnerabilities Detected in Trillian, Update Required

Trillian is one of the most popular instant messaging clients, mainly because it supports multiple instant messaging protocols, including Yahoo Messenger, MSN Messenger, Jabber and many others. However, users of Trillian are advised to update to the latest version of the program as soon as possible because of several vulnerabilities found in previous releases, Secunia wrote in a notification published today. No fewer than three security glitches were discovered in Trillian, all of them allowing a potential attacker to compromise the affected system.


Here are the three security vulnerabilities explained by Secunia:

"A boundary error within the header parsing code for the MSN protocol can be exploited to cause a stack-based buffer overflow via a specially crafted X-MMS-IM-FORMAT header with an overly long attribute."

"An error within the XML parsing in talk.dll can be exploited to cause a memory corruption via certain malformed attributes within an 'IMG' tag."

"A boundary error when parsing messages (e.g. via the AIM network) with overly long attribute values within the FONT tag can be exploited to cause a stack-based buffer overflow."

All three vulnerabilities allow the execution of arbitrary code, but only the last one requires the attacker to lure vulnerable users into opening a malicious picture, which could then let the attacker compromise their computers.
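The first and third flaws are both boundary errors on an overly long attribute value. As an added illustration (not Trillian's code and not part of the Secunia advisory), the C sketch below shows the check whose absence produces this class of bug: the attribute length is measured and compared with the destination buffer before anything is copied. The function name, status codes and the semicolon-separated `KEY=value` layout of the sample header are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample header value (assumed KEY=value; layout, not from the page). */
static const char SAMPLE_FORMAT[] = "FN=Arial; EF=I; CO=0; CS=0; PF=22";

enum attr_status { ATTR_OK = 0, ATTR_MISSING = -1, ATTR_TOO_LONG = -2 };

/* Copy the value of attribute `key` from `header` into `out` (capacity out_cap).
   The value length is checked against out_cap first, so an overly long
   attribute is rejected instead of being written past the end of `out`. */
int get_format_attr(const char *header, const char *key, char *out, size_t out_cap)
{
    size_t key_len = strlen(key);
    const char *p = header;

    if (out_cap == 0)
        return ATTR_TOO_LONG;
    out[0] = '\0';

    while (*p != '\0') {
        while (*p == ' ' || *p == ';')          /* skip separators */
            p++;
        size_t field_len = strcspn(p, ";");     /* field ends at ';' or end of string */
        if (field_len > key_len && strncmp(p, key, key_len) == 0 && p[key_len] == '=') {
            const char *val = p + key_len + 1;
            size_t val_len = field_len - key_len - 1;
            if (val_len >= out_cap)             /* must leave room for the NUL */
                return ATTR_TOO_LONG;
            memcpy(out, val, val_len);
            out[val_len] = '\0';
            return ATTR_OK;
        }
        p += field_len;
    }
    return ATTR_MISSING;
}

int main(void)
{
    char font[32];
    int rc = get_format_attr(SAMPLE_FORMAT, "FN", font, sizeof font);
    printf("status=%d font=%s\n", rc, font);
    return 0;
}
```

A caller that receives `ATTR_TOO_LONG` should drop or reject the message rather than truncate silently, so malformed input is visible in logs.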

As mentioned, updating to Trillian 3.1.10.0 is the only way to stay on the safe side and avoid potential exploitation of the security glitches reported today by Secunia. Note that both Trillian Basic and Trillian Pro are affected by the glitches. If you wish to download the latest versions of Trillian Basic and Pro, you can find both of them in our Windows download section, right here on Softpedia.

[Source: softpedia]
