Critical holes in Trillian Instant Messenger
May 22, 2008 – 5:51 AM

Security service Zero Day Initiative (ZDI) has found three critical vulnerabilities that allow attackers to infect the computers of Trillian Instant Messenger users with malicious code. The vendor has responded by releasing an update to close the holes.
When processing XML through functions of the talk.dll dynamic link library, malformed attributes for the IMG tag can cause data to be written beyond the limits of an allocated heap buffer. Attackers do not need to be authenticated to exploit this hole and inject and execute arbitrary code.
Missing length checks in the functions for parsing MSN MIME headers (X-MMS-IM-FORMAT) can lead to a stack-based buffer overflow. Again, attackers can exploit this vulnerability without prior authentication, and can inject malicious code simply by sending specially crafted messages to potential victims.
The aim.dll library calls sprintf() to process tag values without adequately sanitising the supplied parameters. When over-long attribute strings within the FONT tag are submitted, a buffer overflow may result, allowing attackers to execute arbitrary code with the privileges of the logged-in user. To exploit this vulnerability, attackers need to either send specially crafted messages via the AIM protocol or establish a direct connection to their victims.
According to ZDI, vendor Cerulean Studios has fixed the vulnerabilities in Trillian version v3.1.10.0. Users of the software are advised to download and install the current version as soon as possible.