
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


Trillian - Remote hacker automatic control

Version: 3.1.5.1 and prior.
Technical Details:

A heap overflow vulnerability that can be exploited by sending malicious UTF-8 encoded traffic. The window width may be set improperly when word-wrapping, leading to memory corruption and potentially to code execution.
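
The advisory includes no code, so the following is an added illustration of the defensive pattern for this class of bug, not Trillian's code or the reporter's analysis: a wrap routine (hypothetical names `wrap_utf8` and `utf8_seq_len`) that rejects a zero width, counts columns in code points, and bounds every write in bytes. It assumes a hard wrap at a fixed column count on a constructed sample string; the page does not describe Trillian's actual word-wrapping logic.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Byte length of the UTF-8 sequence at s, or 0 if malformed or truncated.
 * Checks lead and continuation bytes only (overlong forms not rejected). */
static size_t utf8_seq_len(const unsigned char *s, size_t remaining)
{
    size_t n;
    if (s[0] < 0x80) n = 1;
    else if ((s[0] & 0xE0) == 0xC0) n = 2;
    else if ((s[0] & 0xF0) == 0xE0) n = 3;
    else if ((s[0] & 0xF8) == 0xF0) n = 4;
    else return 0;
    if (n > remaining) return 0;
    for (size_t i = 1; i < n; i++)
        if ((s[i] & 0xC0) != 0x80) return 0;
    return n;
}

/* Hard-wrap in[0..in_len) at width_cols code points per line.
 * Returns bytes written (excluding the NUL), or -1 on a zero width,
 * malformed input, or an output buffer that is too small. */
long wrap_utf8(const char *in, size_t in_len, size_t width_cols,
               char *out, size_t out_cap)
{
    size_t i = 0, o = 0, col = 0;
    if (width_cols == 0 || out_cap == 0) return -1;  /* never trust the width */
    while (i < in_len) {
        size_t n = utf8_seq_len((const unsigned char *)in + i, in_len - i);
        if (n == 0) return -1;                       /* reject, do not guess */
        size_t need = n + (col == width_cols ? 1 : 0);
        if (need >= out_cap - o) return -1;          /* keep room for the NUL */
        if (col == width_cols) { out[o++] = '\n'; col = 0; }
        for (size_t k = 0; k < n; k++) out[o++] = in[i + k];
        col++; i += n;                               /* one column per code point */
    }
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    const char *msg = "h\xC3\xA9llo w\xC3\xB6rld";   /* constructed sample */
    char buf[32];
    long n = wrap_utf8(msg, strlen(msg), 5, buf, sizeof buf);
    printf("%ld\n%s\n", n, n >= 0 ? buf : "(rejected)");
    return 0;
}
```

The capacity check is done in bytes while the wrap position is tracked in code points; mixing the two units is the kind of mismatch that lets a multi-byte message outgrow a buffer sized from a column count.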

Description:

The Trillian chat application has been found vulnerable to an attack that could allow a remote attacker to take complete control of a vulnerable user's system, with the privileges of the current user. The vulnerability can be exploited by sending malicious network traffic to a user who is using Trillian as their chat client.

Mitigation:

Update to 3.1.6.0 at the earliest opportunity. There is no other mitigation recommended.

Updates:

http://www.ceruleanstudios.com

Source:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545

Exploits:

External Tracking Data:

http://blog.ceruleanstudios.com/?p=150

