Gaping holes in Trillian IM client


Trillian users beware:  There are multiple serious security holes in the popular cross-platform IM application.

According to alerts issued by TippingPoint's Zero Day Initiative (ZDI), the vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Trillian Pro.

Trillian users are strongly encouraged to download and apply Trillian v3.1.10.0, which fixes the underlying vulnerabilities.

Vulnerability #1: The specific flaw exists within XML parsing in talk.dll. When processing certain malformed attributes within 'IMG' tags, it is possible to overwrite past an allocated heap chunk, which can eventually lead to code execution under the context of the current user. Authentication is not required to exploit this vulnerability.

Vulnerability #2: The specific flaw exists within the header parsing code for the MSN protocol. When processing the X-MMS-IM-FORMAT header, certain attributes are copied into a buffer located on the stack without any length verification, which can eventually lead to code execution with the privileges of the user that is running the application. Authentication is not required to exploit this vulnerability.

Vulnerability #3: The specific flaw exists during the parsing of messages with overly long attribute values within the FONT tag. The value for any attribute is copied into a stack-based buffer via sprintf(), which can result in a buffer overrun and can subsequently be leveraged to execute arbitrary code under the privileges of the logged-in user. Exploitation may occur over the AIM network or via direct connections. User interaction is required to exploit this vulnerability in that the target must open a malicious image file.
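The unbounded sprintf() copy described for the FONT tag flaw, shown next to a length-checked form. This is an added example, not Trillian's code: the function names, the "name=value" output format and the 64-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ATTR_BUF 64   /* assumed size; the advisory gives no real figure */

/* Pattern the advisory describes: sprintf() writes however many bytes the
 * attribute value holds, regardless of the size of dst. */
static void copy_attr_unsafe(char *dst, const char *name, const char *value)
{
    sprintf(dst, "%s=%s", name, value);
}

/* Bounded form: snprintf() writes at most dst_len bytes and returns the
 * length the full output needs, so truncation is detectable.
 * Returns 0 on success, -1 if the attribute does not fit. */
static int copy_attr_checked(char *dst, size_t dst_len,
                             const char *name, const char *value)
{
    int n;
    if (dst == NULL || dst_len == 0 || name == NULL || value == NULL)
        return -1;
    n = snprintf(dst, dst_len, "%s=%s", name, value);
    if (n < 0 || (size_t)n >= dst_len) {
        dst[0] = '\0';   /* reject rather than keep a truncated value */
        return -1;
    }
    return 0;
}

/* Constructed input: a "face" value of value_len 'A' bytes (max 1023). */
static int check_value_len(size_t value_len)
{
    char buf[ATTR_BUF], value[1024];
    if (value_len >= sizeof value)
        return -1;
    memset(value, 'A', value_len);
    value[value_len] = '\0';
    return copy_attr_checked(buf, sizeof buf, "face", value);
}

int main(void)
{
    char buf[ATTR_BUF];
    copy_attr_unsafe(buf, "face", "Arial");  /* safe only because it is short */
    printf("%s\n", buf);
    printf("58 bytes: %d\n", check_value_len(58));    /* 0: fits exactly */
    printf("59 bytes: %d\n", check_value_len(59));    /* -1: one byte too long */
    printf("900 bytes: %d\n", check_value_len(900));  /* -1: rejected */
    return 0;
}
```

Rejecting the oversized attribute, rather than silently truncating it, keeps the parser from acting on a value the sender did not actually supply.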

The patches can be found via Trillian's Help > Check for Updates feature.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
