CIO Today
CIO Today Network Sites:   Top Tech News  |   CIO Today   |   Mobile Tech Today   |   Data Storage Today
Daily Briefing for Technology's Top Decision-Makers
Tuesday, February 9th 
Home
Enterprise Software
Enterprise Hardware
Network Security
Compliance
CRM Systems
Data Storage
Chips & Processors
Operating Systems
Communications
World Wide Web
Wireless Tech
Small Business
CIO Issues
Business Briefing
After Hours
Press Releases
 

Advertisement
Network Security

LogicLibrary Uncovers Security Gap in Trillian

LogicLibrary Uncovers Security Gap in Trillian By CIO Today Staff
March 25, 2005 2:35PM

Bookmark and Share
The vulnerability originally appeared in Trillian 2.0. It was compounded because the same vulnerable code was included in several different components and locations. Although many instances of the bug were addressed in Trillian 3.0, at least two vulnerabilities persisted in the Yahoo IM component.


LogicLibrary Friday announced it has uncovered a potential security vulnerability in the Trillian instant-messaging client, produced by Cerulean Studios. The consequences of this vulnerability could range from an inconvenient program shut-down to a malicious hacker being able to gain control of a computer's operating system Relevant Products/Services.

Trillian is an all-in-one instant messaging client used by over a million people on Windows Relevant Products/Services operating systems. Supporting AIM, ICQ, MSN, Yahoo Messenger and IRC, Trillian allows users to be on several instant-message and chat networks at the same time, using just a single client.

Its extensible plug-in system, for services such as AIM, Yahoo, MSN and RSS, connects to an external Web server Relevant Products/Services at various points. LogicLibrary's BugScan, an automated application-security analysis technology, discovered a buffer iteration overflow in Trillian's handling of HTTP 1.1 response headers in several of these plug-in components.

The vulnerability originally appeared in Trillian 2.0. It was compounded because the same vulnerable code was included in several different components and locations. Although many instances of the bug were addressed in Trillian 3.0, at least two vulnerabilities persisted in the Yahoo IM component.

According to LogicLibrary, these exploitable unbounded buffer-iteration problems remain in the current product version, Trillian 3.1. There are at least two exploitable yahoo.dll buffer iteration bugs -- one is at 0x520296c6 and the other is at 0x5201a05f.

Buffer overflows can result in arbitrary malicious code being executed on a vulnerable computer. An attacker can potentially gain control over the system being attacked, putting items such as private documents, sensitive financial information Relevant Products/Services and e-mail at risk.

It is recommended that Trillian users update their version to the latest 3.1 release and avoid using the Yahoo IM component until Trillian issues a patch.

Advertisement

Also Visit:


 Network Security
1. China Cyberattacks: Pervasive Threat
2. Patch Tuesday Will Tie MS Record
3. Cybersecurity Appears Hot for 2010
4. EPIC Objects To Google-NSA Ties
5. Torrent Traps Used To Harvest Logins

Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports
trillian
security
hold
logiclibrary

  Macworld Focuses on Mobile Apps
  MS: Windows 7 Doesn't Hurt Battery
  Nexus One 'Support' Passes the Buck
  MS: Russian Pirates Scamming Us
  Google May Make Gmail More Social

 Technology Marketplace
Compliance
Stand out from other IS Professionals and increase your earning potential.®).
 
Enterprise Hardware
Now is the best time to buy a new APC Smart-UPS!
HP ProLiant G6 Servers: Perform like a superstar, Save like an accountant www.hp.com
 
Enterprise I.T.
Learn how Microsoft server upgrades can create efficiencies
Stand out from other IS Professionals and increase your earning potential.®).
 
Hardware
Find out why now is the best time to buy a new APC Smart-UPS!
 
Microsoft/Windows
Read about how to add efficiencies with Microsoft Virtualization.
 
Network Security
AT&T Synaptic Compute as a Service. Boost your power on demand.
 
Mobile Enterprise Spotlight

To Love or Not To Love: Apple iPad Pros and Cons
Now that the iPad has officially been announced, opinions are rolling in on this device that combines the features of an iPod, e-reader, and tablet PC. Will the iPad turn fewer heads than the iPhone?
Analysts See iPad Price Drop, with Some Cannibalization
Just weeks before Apple officially rolls out the iPad, financial analysts are making pricing predictions. But could the analysis itself hinder the initial demand for the pricey tablet computer?
Bar Codes Go Mobile, Get Hip Again
For decades, retailers have used patterns of black dots and lines to encode data onto products. Now, bar codes are gaining favor as an easy way for cell-phone users to view ads and other data instantly.

 Advertisement
Enterprise Software Spotlight

Google May Add Facebook, Twitter Links to Gmail
Google will reportedly roll more social-networking features into Gmail, the fastest-growing e-mail service. The new features could save users the trouble of switching to Facebook or Twitter.
SAP CEO Abruptly Resigns; Co-CEOs Will Take Over
Business-software maker SAP announced an abrupt strategic shift in the corporate suite with CEO Léo Apotheker resigning, to be replaced by co-CEOs Bill McDermott (left) and Jim Hagemann Snabe (right).
Cybersecurity Vendors Look Hot in 2010
Tech-security companies are poised to become Wall Street darlings this year, thanks in part to Google's tiff with China, which reinforced an already positive outlook for major security vendors.

 Advertisement
Enterprise Hardware Spotlight

Microsoft Says Battery Woes Not Caused By Windows 7
Battery problems on Windows 7 machines are not caused by the operating system. That's the position of Stephen Sinofsky, head of the Windows division, in a long posting on the Windows engineering blog.
IBM's New POWER7 Servers Save Energy with Big Loads
IBM has unveiled high-capacity servers that are the first to be based on its new, multi-core POWER7 chip. It said the new line is designed "to manage the most demanding emerging applications."
'Dead Simple, Dirt Cheap' JooJoo Tablet Shipping Soon
The JooJoo, a web-browsing tablet device that is the subject of a high-profile legal dispute, appears on track to reach buyers at the end of February, but the tablet scene has dramatically changed.

 Advertisement
Enterprise Security Spotlight

Chinese Cyberattacks Seen as a Pervasive Threat
Google's accusation that e-mail accounts were hacked from China landed like a bombshell because it cast light on a problem few firms will discuss: the pervasive threat from China-based cyberattacks.
Patch Tuesday Release Will Tie Microsoft's Record
After a light start to the year, Microsoft is getting ready to dump a heavy load on the shoulders of IT administrators. On Patch Tuesday next week, Microsoft will release 13 patches.
Cybersecurity Vendors Look Hot in 2010
Tech-security companies are poised to become Wall Street darlings this year, thanks in part to Google's tiff with China, which reinforced an already positive outlook for major security vendors.

 Advertisement
Navigation
CIO Today
Home/Top News | Enterprise Software | Enterprise Hardware | Network Security | Compliance | CRM Systems | Data Storage
Chips & Processors | Operating Systems | Communications | World Wide Web | Wireless Tech | Small Business | CIO Issues
Business Briefing | After Hours | Press Releases
Also visit these Enterprise Technology Sites
Top Tech News | CIO Today | Mobile Tech Today | Data Storage Today

Services:
FreeNewsFeed | Free Newsletters | Free Whitepapers | XML/RSS Feed

About CIO Today Network | How To Contact Us | Article Reprints | Services for PR Pros (In partnership with NewsFactor) | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2010 CIO Today. All rights reserved. Article rating technology by Blogowogo.