Security hole in Trillian 2 reported (carried into 3 in Yahoo component)

You are here: Home › Blog

Security hole in Trillian 2 reported (carried into 3 in Yahoo component)

A security hole was found by a research group in Trillian. Here are the specs

LogicLibrary Uncovers Security Gap in Trillian

The vulnerability originally appeared in Trillian 2.0. It was compounded because the same vulnerable code was included in several different components and locations. Although many instances of the bug were addressed in Trillian 3.0, at least two vulnerabilities persisted in the Yahoo IM component.

According to LogicLibrary, these exploitable unbounded buffer-iteration problems remain in the current product version, Trillian 3.1. There are at least two exploitable yahoo.dll buffer iteration bugs -- one is at 0x520296c6 and the other is at 0x5201a05f.

No patch noted yet but I would definitely be on the lookout for one shortly from Trillian.

blog comments powered by Disqus

On Friday, March 25th, 2005 by Chris Miller

Next Document

Previous Document

IdoNotes (and sleep)

Blog

Blog Search

Advertisements

Everything Else

Sponsor

Google Custom Searches

Subscribe

Recent Tweets

Hosting by

Security hole in Trillian 2 reported (carried into 3 in Yahoo component)

On Friday, March 25th, 2005 by Chris Miller

About Me

Feed & Subscribe

Contact

Random Flickr Photos