WARNING to Trillian3 users!

[iago]

##################################################################
#                                                                #
#               See-security Technologies ltd.                   #
#                                                                #
#                http://www.see-security.com                     #
#                                                                #
##################################################################

[-] Product Information
Trillian is a fully featured, stand-alone, skinnable chat client that supports AIM, ICQ, MSN, Yahoo Messenger, and IRC.

[-] Vulnerability Description
Trillian contains a buffer overflow vulnerability in the way it parse PNG Images

[-] Exploit
Proof of concept exploit code is available at http://www.hackingdefined.com/exploits/trillian3.tar.gz

[-] Exploitation Analysis
When triggering this vulnerability the return address is overwritten
and the ESP register points to user-controlled data
by crafting a malformed structure its possible to execute arbitrary code
The structrue is as follows
[Malformed PNG Header][shellcode][New return address][get back shellcode]

[-] Credits
The vulnerability was discovered and exploited by Tal zeltzer

There's a vulnerability and exploit code for it! Watch out!

[Joe]

Yeah! Go Gaim!

[Quik]

There's been so many Trillian buffer overflow exploits that it's really not worth looking into anymore. You can drop the thing with like 5 lines of Perl code, or a few different ways with GAIM plugins. For this one, I'm assuming you have to directly connect, because otherwise there's not much of a way it can parse PNG images. Just connect to people you trust, is all.

[iago]

I'm unsure if you can send a .png as a buddy icon, but if you can then that could be quite dangerous.

And judging by Trillian's track record, you can expect a fix in a few years

[Towelie]

maybe another 5, they are really fast....