Text bug blights Trillian | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

The Perfect (Virtual) Marriage
Deduplication and VMware
Solution Brief: Reduce Energy Costs
With Green IT Solutions
Server Consolidation and Containment
With Virtual Infrastructure
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
Enabling the Data Center Metamorphosis
From Fixed To Fluid
Gartner Paper: US Data Centers - The Calm Before the Storm
How to handle future energy demands

The Register » Security »

Text bug blights Trillian

Rather Dented

By John Leyden → More by this author

Published Tuesday 19th June 2007 11:09 GMT

Gartner Report: How IT Management Can "Green" the Data Center - Free Download

Users of the popular Trillian instant messaging client need to update their software following the discovery of a serious security bug.

The multi-protocol chat application from Cerulean Studios is subject to a heap overflow vulnerability because of programming errors involving the word-wrapping of UTF-8 text.

As a result, hackers might be able to crash versions of the application, thereby loading exploit code onto vulnerable systems. Viewing a malicious message containing a specially malformed UTF-8 string would be enough to trigger the attack.

"The MSN protocol is a known attack vector for this vulnerability. However, exploitation could potentially occur using any supported protocol," an advisory by iDefense warns.

Users are advised to update to a patched version of Trillian - version 3.1.6.0 - in order to guard against attack, as explained in an posting on Cerulean Studios' Trillian blog here. ®

Free Analyst Paper: Overcoming Energy Demands on US Data Centers

1 comment posted — Comment period finished

Don't Panic!

Posted: 09:57 20th June 2007

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Trillian blighted by security bug trio (23 May 2008)
Yahoo! battered by second ActiveX vulnerability (3 September 2007)
Yahoo! patch squashes messenger bug (8 June 2007)
Skype worm leaps onto MSN (24 May 2007)
Skype IM malware smut surfaces (16 April 2007)
Microsoft and Yahoo! 'to merge IM chat' (12 October 2005)
AOL blocks Trillian IM access (31 January 2002)

Post to Slashdot

Add to del.icio.us

Previous Article

whitepaper title

The Perfect (Virtual) Marriage

Get consistent virtual machine storage savings of 50% (often as high as 90%) with virtually no performance impact with NetApp deduplication..

whitepaper title

Solution Brief: Reduce Energy Costs

Energy consumption has become a big issue. Dramatically increase server utilization and significantly reduce energy costs through Virtualization..

Whitepapers	Jobs
SSL in High-Security Browsers The Data Governance Maturity Model Making mobility manageable How To Tackle Enterprise Spyware	Perl programmer: Challenging projects, brilliant coworkers Perl/Financial Application Developers perl programmer / LAMP developer Perl Engineer Senior Perl Programmer, Telecom ASP

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search