Trillian - Remote hacker automatic control
Version: 3.1.5.1 and prior.
Technical Details: Heap overflow vulnerability that can be exploited by sending malicious UTF-8 encoded traffic. The window width may be set improperly when word-wrapping, leading to memory corruption and potentially to conditions that allow code execution.
Description: The Trillian chat application is vulnerable to an attack that could allow a remote attacker to take complete control of a vulnerable user's system, with the privileges of the current user. The vulnerability can be exploited by sending malicious network traffic to a user who is using Trillian as their chat client.
Mitigation: Update to 3.1.6.0 at the earliest opportunity. There is no other mitigation recommended.
Updates: http://www.ceruleanstudios.com
Source: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545
Exploits:
External Tracking Data: http://blog.ceruleanstudios.com/?p=150