
May 22nd, 2008

Gaping holes in Trillian IM client

Posted by Ryan Naraine @ 1:40 pm

Categories: Arbitrary Code Execution, Browsers, Data theft, Exploit code, Patch Watch, Responsible disclosure, Vulnerability research

Tags: User Interaction, Vulnerability, Trillian, IM Client, Trillian User, Security, Ryan Naraine

Trillian users beware: There are multiple serious security holes in the popular cross-platform IM application.

According to alerts issued by TippingPoint’s Zero Day Initiative (ZDI), the vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Trillian Pro.

Trillian users are strongly encouraged to download and apply Trillian v3.1.10.0, which fixes the underlying vulnerabilities.

Vulnerability #1: The specific flaw exists within XML parsing in talk.dll. When processing certain malformed attributes within ‘IMG’ tags, it is possible to overwrite past an allocated heap chunk, which can eventually lead to code execution under the context of the current user. Authentication is not required to exploit this vulnerability.

Vulnerability #2: The specific flaw exists within the header parsing code for the MSN protocol. When processing the X-MMS-IM-FORMAT header, certain attributes are copied into a buffer located on the stack without any length verification which can eventually lead to code execution with the privileges of the user that is running the application. Authentication is not required to exploit this vulnerability.

Vulnerability #3: The specific flaw exists during the parsing of messages with overly long attribute values within the FONT tag. The value for any attribute is copied into a stack-based buffer via sprintf(), which can result in a buffer overrun and can be subsequently leveraged to execute arbitrary code under the privileges of the logged-in user. Exploitation may occur over the AIM network or via direct connections. User interaction is required to exploit this vulnerability in that the target must open a malicious image file.
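The missing length verification behind vulnerabilities #2 and #3, sketched as an added C example (this is not Trillian's code and does not come from the ZDI advisories). The buffer size, the function names `get_attr` and `format_attr`, and the sample attribute string are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ATTR_MAX 32   /* assumed size of the fixed destination buffer */

/* Copy the value of `key` from a "K=V; K=V" attribute list into out.
 * Returns 0 on success, -1 if the key is absent, -2 if the value would
 * not fit (the input is rejected, never truncated and never overrun). */
int get_attr(const char *list, const char *key, char *out, size_t out_len)
{
    size_t klen = strlen(key);
    const char *p = list;

    if (out_len == 0) return -2;
    out[0] = '\0';
    while (*p) {
        while (*p == ' ' || *p == ';') p++;        /* skip separators */
        const char *end = strchr(p, ';');
        if (!end) end = p + strlen(p);             /* last attribute */
        if ((size_t)(end - p) > klen && !strncmp(p, key, klen) && p[klen] == '=') {
            size_t vlen = (size_t)(end - p) - klen - 1;
            if (vlen >= out_len) return -2;        /* the length check */
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = end;
    }
    return -1;
}

/* Bounded stand-in for sprintf(out, "%s=\"%s\"", name, value), which
 * writes past `out` whenever the value is longer than the buffer. */
int format_attr(char *out, size_t out_len, const char *name, const char *value)
{
    int n = snprintf(out, out_len, "%s=\"%s\"", name, value);
    if (n < 0 || (size_t)n >= out_len) {           /* would not have fit */
        if (out_len) out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char v[ATTR_MAX], tag[48];
    /* constructed sample attribute list, not captured traffic */
    if (get_attr("FN=Arial; EF=B; CO=0", "FN", v, sizeof v) == 0 &&
        format_attr(tag, sizeof tag, "face", v) > 0)
        puts(tag);
    return 0;
}
```

Both functions reject oversized input instead of truncating it, so a caller cannot mistake a clipped attribute for a valid one.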

The patches can be found via Trillian’s Help > Check for Updates feature.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.



  • Talkback
  • Most Recent of 9 Talkback(s)
RE: Gaping holes in Trillian IM client
I use Trillian (version 3.1.9.0) and I had to go to the Trillian website to download the update. Opening up the program and going to Help, Update it gave me a message that updates were not available. ...
Posted by: avatar-computer.com Posted on: 05/27/08