Cerulean Studios has fixed multiple security flaws attackers could exploit in its popular Trillian chat program to intercept private conversations or run malicious code on targeted machines.
Trillian is a chat application that supports the IRC, ICQ, AIM and MSN protocols. It is popular among enterprise IT shops that see it as a cleaner, more secure alternative to other, more commercial IM applications.
VeriSign Inc.'s iDefense Labs unit warned in an advisory that Trillian's Internet Relay Chat (IRC) module includes several flaws attackers could exploit to access private chats and do other forms of damage.
"When handling long CTCP PING messages containing "UTF-8" characters, it is possible to cause the Trillian IRC client to return a malformed response to the server," iDefense said. "This malformed response is truncated and is missing the terminating newline character. This could allow the next line sent to the server to be improperly sent to an attacker."
Another problem is that when a user highlights a URL in an IRC message window, Trillian copies the data to an internal buffer. If the URL contains a long string of "UTF-8" characters, it is possible to overflow a heap-based buffer, corrupting memory in a way that could allow for code execution, iDefense said.
Meanwhile, the organization said, attackers can trigger a heap overflow remotely when the Trillian IRC module receives a message that contains a font face HTML tag with the face attribute set to a long "UTF-8 string."
The vulnerabilities were found in version 3.1, and iDefense said Cerulean Studios has addressed the flaws in Trillian 220.127.116.11.
Danish vulnerability clearinghouse Secunia rated the flaws highly critical because they are remotely exploitable and could lead to data exposure.