Quote:
##################################################################
# #
# See-security Technologies ltd. #
# #
# http://www.see-security.com #
# #
##################################################################
[-] Product Information
Trillian is a fully featured, stand-alone, skinnable chat client that supports AIM, ICQ, MSN, Yahoo Messenger, and IRC.
[-] Vulnerability Description
Trillian contains a buffer overflow vulnerability in the way it parses PNG images.
[-] Exploit
Proof of concept exploit code is available at http://www.hackingdefined.com/exploits/trillian3.tar.gz
[-] Exploitation Analysis
When triggering this vulnerability, the return address is overwritten
and the ESP register points to user-controlled data.
By crafting a malformed structure, it's possible to execute arbitrary code.
The structure is as follows:
[Malformed PNG Header][shellcode][New return address][get back shellcode]
[-] Credits
The vulnerability was discovered and exploited by Tal Zeltzer.
There's a vulnerability and exploit code for it! Watch out!
Yeah! Go Gaim!
There have been so many Trillian buffer overflow exploits that it's really not worth looking into anymore. You can drop the thing with like 5 lines of Perl code, or a few different ways with GAIM plugins. For this one, I'm assuming you have to directly connect, because otherwise there's not much of a way it can parse PNG images. Just connect to people you trust, is all.
I'm unsure if you can send a .png as a buddy icon, but if you can then that could be quite dangerous.
And judging by Trillian's track record, you can expect a fix in a few years :)
maybe another 5, they are really fast....