
Flaw fixed in Trillian IM program

Cerulean Studios has released version of its popular Trillian IM application, fixing a flaw attackers could exploit to run malicious code on targeted machines.

“iDefense Labs has notified us of a security vulnerability in Trillian 3.x, and we worked last week to resolve it and issue a patch,” the company said in its Trillian blog.

According to iDefense Labs, the problem is a heap overflow vulnerability attackers could exploit to execute arbitrary code as the currently logged-on user.

“The vulnerability specifically exists due to improper handling of UTF-8 sequences,” iDefense said. “When word-wrapping UTF-8 text, the window width is improperly used as a buffer size value. As such, heap corruption can occur leading to a potentially exploitable condition.”
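The bug class iDefense describes comes from treating a width in characters as a size in bytes: one UTF-8 character can occupy up to four bytes. The following C sketch is an added illustration, not Trillian's code; the names `wrap_buf_size` and `wrap_copy` are hypothetical. It sizes the line buffer for the worst case and bounds every copy by the destination's byte capacity.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bytes in the UTF-8 sequence that starts with lead byte b; 0 if invalid. */
static size_t utf8_seq_len(unsigned char b)
{
    if (b < 0x80) return 1;
    if ((b & 0xE0) == 0xC0) return 2;
    if ((b & 0xF0) == 0xE0) return 3;
    if ((b & 0xF8) == 0xF0) return 4;
    return 0; /* continuation byte or invalid lead byte */
}

/* Worst-case buffer size for one wrapped line of width_cols characters,
 * including the terminating NUL. Returns 0 if the size would overflow. */
size_t wrap_buf_size(size_t width_cols)
{
    if (width_cols > (SIZE_MAX - 1) / 4) return 0;
    return width_cols * 4 + 1;
}

/* Copy at most width_cols characters from src into dst (dst_cap bytes).
 * Stops at NUL, at malformed input, or when the next whole sequence would
 * not fit. Always NUL-terminates; returns the source bytes consumed. */
size_t wrap_copy(const char *src, size_t width_cols, char *dst, size_t dst_cap)
{
    size_t used = 0, cols = 0;
    if (dst_cap == 0) return 0;
    while (cols < width_cols && src[used] != '\0') {
        size_t n = utf8_seq_len((unsigned char)src[used]), k;
        for (k = 1; k < n; k++)            /* every trailing byte must be 10xxxxxx */
            if (((unsigned char)src[used + k] & 0xC0) != 0x80) break;
        if (n == 0 || k < n) break;        /* malformed or truncated sequence */
        if (used + n > dst_cap - 1) break; /* bound by bytes, not by columns */
        memcpy(dst + used, src + used, n);
        used += n;
        cols++;
    }
    dst[used] = '\0';
    return used;
}
```

With a constructed input of three-byte characters, an 8-column line needs 24 bytes, so a buffer sized from the width alone (9 bytes) holds only two whole characters, and `wrap_copy` stops there instead of writing past the end.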

Trillian is a popular multi-protocol chat application that supports the IRC, ICQ, AIM and MSN protocols.
