Critical holes in Trillian Instant MessengerMay 22, 2008 – 5:51 AM
Security service Zero Day Initiative (ZDI) has found three critical vulnerabilities that allow attackers to infect the computers of Trillian Instant Messenger users with malicious code. The vendor has responded by releasing an update to close the holes.
When processing XML through functions of the
talk.dll dynamic link library, malformed attributes for the IMG tag can cause data to be written beyond the limits of an allocated heap buffer. Attackers do not require to be authenticated to exploit this hole and inject and execute arbitrary code.
Missing length checks in the functions for parsing
MSN MIME headers (
X-MMS-IM-FORMAT) can lead to a stack-based buffer overflow. Again, attackers can exploit this vulnerability without prior authentication, and can inject malicious code simply by sending specially crafted messages to potential victims.
aim.dll library calls
sprintf() to process tag values without adequately sanitising the supplied parameters. When excess length attribute strings within the
FONT tag are submitted a buffer overflow may result, allowing attackers to execute arbitrary code under the privileges of the logged in user. To exploit this vulnerability, attackers need to either send specially crafted messages via the AIM protocol or establish a direct connection to their victims.
According to ZDI, vendor Cerulean Studios has fixed the vulnerabilities in Trillian version v220.127.116.11. Users of the software are advised to download and install the current version as soon as possible.