Trillian Vulnerability in 3.1.5.1
A vulnerability has been found in Trillian 3.x.
Remote exploitation of a heap overflow vulnerability in Trillian could permit
an attacker to run arbitrary code as the currently logged-in user.
The vulnerability exists due to improper handling of UTF-8 sequences. When
word-wrapping UTF-8 text, the window width is incorrectly used as a buffer size
value. As a result, heap corruption can occur, leading to a potentially
exploitable condition.
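The mismatch described above, as an added example that is not Trillian's code: a window width counts characters, while a buffer size counts bytes, and one UTF-8 character can take up to four bytes. The function names, the sample string and the 10-column width are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: ten U+20AC characters = 10 columns but 30 bytes. */
#define EURO "\xE2\x82\xAC"
static const char SAMPLE[] = EURO EURO EURO EURO EURO EURO EURO EURO EURO EURO;

/* Byte length of the UTF-8 sequence that starts with lead byte c. */
static size_t utf8_seq_len(unsigned char c) {
    if ((c & 0xE0) == 0xC0) return 2;
    if ((c & 0xF0) == 0xE0) return 3;
    if ((c & 0xF8) == 0xF0) return 4;
    return 1; /* ASCII, or an invalid byte handled as a single unit */
}

/* Bytes occupied by the first `cols` characters of src. */
size_t bytes_for_columns(const char *src, size_t cols) {
    size_t in = 0, n = strlen(src);
    for (size_t c = 0; in < n && c < cols; c++) {
        size_t len = utf8_seq_len((unsigned char)src[in]);
        in += (len > n - in) ? n - in : len;
    }
    return in;
}

/* Copy one wrapped line of at most `cols` characters into dst.
 * The copy is bounded by dst_size in BYTES, never by the column count.
 * Returns the number of bytes consumed from src. */
size_t wrap_line(const char *src, size_t cols, char *dst, size_t dst_size) {
    size_t in = 0, n = strlen(src), chars = 0;
    if (dst_size == 0) return 0;
    while (in < n && chars < cols) {
        size_t len = utf8_seq_len((unsigned char)src[in]);
        if (len > n - in) len = n - in;     /* truncated final sequence */
        if (in + len > dst_size - 1) break; /* whole character must fit */
        memcpy(dst + in, src + in, len);
        in += len;
        chars++;
    }
    dst[in] = '\0';
    return in;
}

int main(void) {
    char line[10 + 1]; /* hypothetical buffer sized from the column count */
    printf("10 columns need %zu bytes\n", bytes_for_columns(SAMPLE, 10));
    printf("bounded copy wrote %zu bytes\n", wrap_line(SAMPLE, 10, line, sizeof line));
    return 0;
}
```

A buffer sized from the width holds only three of the ten characters here; the byte-bounded copy stops at that point instead of writing past the allocation.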
Exploitation of this vulnerability could allow remote attackers to run arbitrary
code under the currently logged-in user's account. This occurs simply by viewing a
malicious message that contains a specially built UTF-8 string.
The MSN protocol is a known attack vector for this vulnerability. However, exploitation
could potentially come from any supported protocol.
This vulnerability is found in Trillian 3.1.5.1. Earlier versions are suspected to
be vulnerable. We are unaware of a workaround.
Cerulean Studios, makers of Trillian, have addressed this problem by releasing version
3.1.6.0 of Trillian.
In non-technical terms, Trillian has an opening that can let malware and spyware
onto your computer. The opening is available when you view a message. Supposedly,
someone trying to run software on your machine could do so through this opening.
The opening, or breach, is found in Trillian version 3.1.5.1 but could be in earlier
versions. You should upgrade immediately to 3.1.6.0.