Text bug blights Trillian

Users of the popular Trillian instant messaging client need to update their software following the discovery of a serious security bug. The multi-protocol chat application from Cerulean Studios is subject to a heap overflow vulnerability because of programming errors involving the word-wrapping of UTF-8 text.

As a result, hackers might be able to crash vulnerable versions of the application and, in doing so, load exploit code onto affected systems. Viewing a malicious message containing a specially malformed UTF-8 string would be enough to trigger the attack. "The MSN protocol is a known attack vector for this vulnerability. However, exploitation could potentially occur using any supported protocol," an advisory by iDefense warns.

News source: The Reg


way to go, register. stirring up crap regarding something they've already patched up/fixed. excellent reporting, lads.

Hah. I've crashed my friend's Trillian client so many times with simple UTF-8 strings. It's great.

I'm not evil. I swear.