News Stay informed about the latest enterprise technology news and product updates.

Multiple flaws in Trillian chat program

Attackers could access sensitive information and run malicious code by exploiting multiple flaws in Trillian, a chat program popular in many enterprises.

Cerulean Studios has fixed multiple security flaws attackers could exploit in its popular Trillian chat program...

to intercept private conversations or run malicious code on targeted machines.

Trillian is a chat application that supports the IRC, ICQ, AIM and MSN protocols. It is popular among enterprise IT shops that see it as a cleaner, more secure alternative to other, more commercial IM applications.

IM security:
Quiz: Secure instant messaging: A five-question multiple choice quiz to test your understanding of the content presented in the Secure instant messaging lesson of's Messaging Security School.

IM too critical a business app to ban: Despite reported security risks, companies shouldn't ban employees from using instant messaging (even if they could).

How to selectively block instant messages: Monitoring instant messaging traffic isn't easy, especially when constantly evolving IM applications are designed to exploit firewall vulnerabilities.'s application security expert Michael Cobb reviews the best methods to secure against IM threats.

VeriSign Inc.'s iDefense Labs unit warned in an advisory that Trillian's Internet Relay Chat (IRC) module includes several flaws attackers could exploit to access private chats and do other forms of damage.

"When handling long CTCP PING messages containing "UTF-8" characters, it is possible to cause the Trillian IRC client to return a malformed response to the server," iDefense said. "This malformed response is truncated and is missing the terminating newline character. This could allow the next line sent to the server to be improperly sent to an attacker."

Another problem is that when a user highlights a URL in an IRC message window, Trillian copies the data to an internal buffer. If the URL contains a long string of "UTF-8" characters, it is possible to overflow a heap-based buffer, corrupting memory in a way that could allow for code execution, iDefense said.

Meanwhile, the organization said, attackers can trigger a heap overflow remotely when the Trillian IRC module receives a message that contains a font face HTML tag with the face attribute set to a long "UTF-8 string."

The vulnerabilities were found in version 3.1, and iDefense said Cerulean Studios has addressed the flaws in Trillian

Danish vulnerability clearinghouse Secunia rated the flaws highly critical because they are remotely exploitable and could lead to data exposure.

Dig Deeper on Email and Messaging Threats-Information Security Threats

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.