Potential Trillian IM Exploit

March 25th, 2005 | by Mike G

I use Trillian every day to chat with my colleagues who choose a selection of IM clients that have become a veritable Tower of Babble. But, according to C|Net, LogicLibrary has discovered vulnerabilities in Trillian that could allow someone to execute malicious code on your machine.

According to LogicLibrary, the vulnerability could allow malicious-code writers to do anything from shutting down individual programs on computers running Trillian to gaining complete control of a machine’s operating system.

The company said the flaw in Cerulean’s software, which folds IM clients from multiple providers, including America Online, Microsoft and Yahoo, into one interface, revolves around an unbounded buffer problem in Trillian 3.1, the latest version of the application. However, LogicLibrary said the issue springs from a vulnerability it first found and reported to Cerulean in the Trillian 2.0 release of the IM software.

LogicLibrary said it began contacting Cerulean regarding the issue in 2003 but believes that future versions of Trillian failed to eliminate all the software’s flaws. The company believes that the same code that made Trillian 2.0 vulnerable has been copied directly into Trillian 3.1.

LogicLibrary representatives noted that there have been no reported examples of exploits designed to attack the vulnerability it found.
