3/25/2005

Trillian IM flaw exposed

Filed under: — By Aviran Mordo @ 12:50 pm

Researchers have reported a vulnerability in the Trillian instant messaging application, adding to the rapid development of IM-related security threats.

Workers at LogicLibrary, a company that makes software development tools, including programs designed to catch bugs before applications go into production, said they have unearthed a potential flaw in the IM client made by Cerulean Studios.

According to LogicLibrary, the vulnerability could allow malicious-code writers to do anything from shutting down individual programs on computers running Trillian to gaining complete control of a machine’s operating system.

The company said the flaw in Cerulean’s software, revolves around an unbounded buffer problem in Trillian 3.1, the latest version of the application. However, LogicLibrary said the issue springs from a vulnerability it first found and reported to Cerulean in the Trillian 2.0 release of the IM software.

LogicLibrary said it began contacting Cerulean regarding the issue in 2003 but believes that future versions of Trillian failed to eliminate all the software’s flaws. The company believes that the same code that made Trillian 2.0 vulnerable has been copied directly into Trillian 3.1.

Source: News.com

 

One Response to “Trillian IM flaw exposed”

  1. dgs Says:

    TRILLIAN SUX

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress