The Trillian Instant Messaging client contains a buffer overflow vulnerability that may allow an attacker to execute code.
A Uniform Resource Identifier (URI) is a string of characters that can be used to identify a location, resource, or protocol. The Trillian Instant Messenger client is an IM application that supports multiple services, including AOL Instant Messenger. Trillian registers itself as the default handler for aim: URIs during installation. Web browsers may pass URIs to other applications that have been registered to handle them.
A buffer overflow vulnerability exists in the Trillian Instant Messenger client. An attacker may exploit this vulnerability by convincing a user to open a malformed aim: URI inside of a web browser. When the web browser passes the malformed URI to the Trillian Instant Messenger client, the overflow may be triggered.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running Trillian.
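To review which program a browser would hand an aim: URI to on a given host, the handler registration can be read from the registry. The PowerShell below is an added example, not part of the original note. It assumes a Windows host and the standard Windows convention that a URI scheme is a key under HKEY_CLASSES_ROOT carrying a `URL Protocol` value, with the launch command in `shell\open\command`; the function name `Get-UriHandler` is hypothetical.

```powershell
# Added example: report registered URI scheme handlers and the command each launches.
function Get-UriHandler {
    [CmdletBinding()]
    param(
        # Optional list of schemes to check, e.g. 'aim'. Omit to enumerate all.
        [string[]]$Scheme
    )

    $root = 'Registry::HKEY_CLASSES_ROOT'

    # Either look up the named schemes directly or walk every class key.
    $keys = if ($Scheme) {
        foreach ($s in $Scheme) {
            Get-Item -LiteralPath "$root\$s" -ErrorAction SilentlyContinue
        }
    } else {
        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue
    }

    foreach ($key in $keys) {
        # Only keys with a 'URL Protocol' value are treated as URI handlers.
        if ($key.GetValueNames() -notcontains 'URL Protocol') { continue }

        $cmdPath = "$root\$($key.PSChildName)\shell\open\command"
        $cmdKey  = Get-Item -LiteralPath $cmdPath -ErrorAction SilentlyContinue
        # The default (unnamed) value holds the command line.
        $command = if ($cmdKey) { $cmdKey.GetValue('') } else { $null }

        [pscustomobject]@{
            Scheme      = $key.PSChildName
            Command     = $command
            # True when the command line takes the URI as an argument (%1 or %L).
            ReceivesUri = [bool]($command -match '%1|%l')
        }
    }
}

# Check the scheme discussed in this note, then list everything for review.
Get-UriHandler -Scheme aim
Get-UriHandler | Sort-Object Scheme | Format-Table -AutoSize -Wrap
```

A host with no output for `aim` has no handler registered for that scheme, so a browser has nothing to pass such a URI to.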
This issue was disclosed by Nate Mcfeters, Billy (BK) Rios, and Raghav "the Pope" Dube.
This document was written by Ryan Giobbi.
Date First Published: 2007-07-16
Date Last Updated: 2007-07-20 18:36 UTC