News Stay informed about the latest enterprise technology news and product updates.

Flaw fixed in Trillian IM program

Cerulean Studios has released version 3.1.6.0 of its popular Trillian IM application, fixing a flaw attackers could exploit to run malicious code on targeted machines.

“iDefense Labs has notified us of a security vulnerability in Trillian 3.x, and we worked last week to resolve it and issue a patch,” the company said in its Trillian blog.

According to iDefense, Labs, the problem is a heap overflow vulnerability attackers could exploit to execute arbitrary code as the currently logged on user.

“The vulnerability specifically exists due to improper handling of UTF-8 sequences,” iDefense said. “When word-wrapping UTF-8 text, the window width is improperly used as a buffer size value. As such, heap corruption can occur leading to a potentially exploitable condition.”

Trillian is a popular multi-protocol chat application that supports the IRC, ICQ, AIM and MSN protocols.

Technorati Tags: , , ,

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close