Text bug blights Trillian

Users of the popular Trillian instant messaging client need to update their software following the discovery of a serious security bug. The multi-protocol chat application from Cerulean Studios is subject to a heap overflow vulnerability because of programming errors involving the word-wrapping of UTF-8 text.

As a result, hackers might be able to crash vulnerable versions of the application and thereby load exploit code onto affected systems. Simply viewing a malicious message containing a specially malformed UTF-8 string would be enough to trigger the attack. "The MSN protocol is a known attack vector for this vulnerability. However, exploitation could potentially occur using any supported protocol," an advisory by iDefense warns.

News source: The Reg


3 Comments



way to go, register. stirring up crap regarding something they've already patched up/fixed. excellent reporting, lads.

Hah. I've crashed my friend's Trillian client so many times with simple UTF-8 strings. It's great.

I'm not evil. I swear.