• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities

Trillian is prone to multiple buffer-overflow issues and an information leak in its IRC module. These issues occur because the application fails to properly bounds-check user-supplied data before copying it into fixed-sized memory buffers and fails to respond properly to exceptional conditions.

Remote attackers may exploit these vulnerabilities to execute arbitrary machine code in the context of vulnerable Trillian clients or to steal the contents of client-server communications.

Trillian 3.1 is affected.

Further reports suggest these issues also affect the MSN and ICQ modules; other modules may also be affected. This BID will be updated pending further investigation.