
Security hole in Trillian 2 reported (carried into 3 in Yahoo component)




A research group has found a security hole in Trillian. Here are the specs:

LogicLibrary Uncovers Security Gap in Trillian

The vulnerability originally appeared in Trillian 2.0. It was compounded because the same vulnerable code was included in several different components and locations. Although many instances of the bug were addressed in Trillian 3.0, at least two vulnerabilities persisted in the Yahoo IM component.

According to LogicLibrary, these exploitable unbounded buffer-iteration problems remain in the current product version, Trillian 3.1. There are at least two exploitable yahoo.dll buffer iteration bugs -- one is at 0x520296c6 and the other is at 0x5201a05f.

No patch noted yet, but I would definitely be on the lookout for one shortly from Trillian.