A vulnerability in Cerulean Studios Trillian Instant Messenger client may lead to execution of arbitrary code.
Cerulean Studios Trillian Instant Messenger client fails to properly handle specially crafted UTF-8 text. A heap overflow may occur when Trillian receives a message containing malformed UTF-8 strings.
A remote, authenticated attacker may be able to execute arbitrary code with the privileges of the user or cause a denial-of-service condition by sending the client a message.
Cerulean Studios has released an update to address this issue. See the Cerulean Studios Blog for more information.
This vulnerability was reported in iDefense Public Advisory 6.18.07. iDefense credits www.BlurredLogic.com with reporting this issue.
This document was written by Chris Taschner.
|Date First Published:|2007-06-20|
|Date Last Updated:|2007-06-29 16:18 UTC|