‘Highly Critical’ Flaws Impair Trillian IM
On May 22, 2008, security researchers warned users of the well-known Trillian Instant Messaging (IM) client about three critical security holes in the software that could allow their Windows computers to be hijacked.
The first bug is a boundary error in the header-parsing script for the MSN properties. A specially crafted X-MMS-IM-FORMAT header with an overly long attribute can trigger a buffer overflow. Successful exploitation allows arbitrary code execution.
The second bug is an error in the XML parsing in talk.dll. Certain malformed attributes in the 'IMG' tag can trigger memory corruption. Here too, successful exploitation allows arbitrary code execution.
The last bug called the aim.
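The first bug above is an unchecked copy of an overly long header attribute. As an added example (not Trillian's code and not part of the original article), the following C function reads one attribute from an X-MMS-IM-FORMAT value and checks its length before writing anything. The name `get_format_attr`, the 64-byte limit and the `NAME=value; NAME=value` attribute layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ATTR_MAX 64  /* assumed limit: value bytes plus terminating NUL */
enum { ATTR_OK = 0, ATTR_MISSING = -1, ATTR_TOO_LONG = -2 };

/* Hypothetical helper: copy the value of attribute `name` from a header
 * value laid out as "NAME=value; NAME=value" (assumed layout) into
 * out[out_len]. The length is validated before any byte is copied. */
int get_format_attr(const char *hdr, const char *name,
                    char *out, size_t out_len)
{
    size_t name_len = strlen(name);
    const char *p = hdr;

    if (out_len == 0)
        return ATTR_TOO_LONG;
    out[0] = '\0';                        /* defined result on every path */
    while (*p != '\0') {
        while (*p == ' ' || *p == ';')    /* skip separators */
            p++;
        const char *end = strchr(p, ';');
        if (end == NULL)
            end = p + strlen(p);
        if ((size_t)(end - p) > name_len && p[name_len] == '=' &&
            strncmp(p, name, name_len) == 0) {
            const char *val = p + name_len + 1;
            size_t val_len = (size_t)(end - val);
            if (val_len >= out_len)       /* reject instead of truncating */
                return ATTR_TOO_LONG;
            memcpy(out, val, val_len);
            out[val_len] = '\0';
            return ATTR_OK;
        }
        p = end;
    }
    return ATTR_MISSING;
}

int main(void)
{
    char font[ATTR_MAX];
    /* Constructed sample header value, not captured traffic. */
    const char *hdr = "FN=Arial; EF=I; CO=0; CS=0; PF=22";
    int rc = get_format_attr(hdr, "FN", font, sizeof font);
    printf("rc=%d FN=%s\n", rc, font);
    return 0;
}
```

Rejecting an oversized attribute outright, rather than truncating it, also gives the caller a clear signal that the message is malformed and can be dropped or logged.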
» SPAMfighter News - 02-06-2008