Author Topic: WARNING to Trillian3 users!  (Read 3412 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
WARNING to Trillian3 users!
« on: March 08, 2005, 10:52:47 am »
Quote
##################################################################
#                                                                #
#               See-security Technologies ltd.                   #
#                                                                #
#                http://www.see-security.com                     #
#                                                                #
##################################################################

[-] Product Information
Trillian is a fully featured, stand-alone, skinnable chat client that supports AIM, ICQ, MSN, Yahoo Messenger, and IRC.

[-] Vulnerability Description
Trillian contains a buffer overflow vulnerability in the way it parse PNG Images

[-] Exploit
Proof of concept exploit code is available at http://www.hackingdefined.com/exploits/trillian3.tar.gz

[-] Exploitation Analysis
When triggering this vulnerability the return address is overwritten
and the ESP register points to user-controlled data
by crafting a malformed structure its possible to execute arbitrary code
The structrue is as follows
[Malformed PNG Header][shellcode][New return address][get back shellcode]

[-] Credits
The vulnerability was discovered and exploited by Tal zeltzer

There's a vulnerability and exploit code for it! Watch out!

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: WARNING to Trillian3 users!
« Reply #1 on: March 08, 2005, 05:11:17 pm »
Yeah! Go Gaim!
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: WARNING to Trillian3 users!
« Reply #2 on: March 08, 2005, 07:21:30 pm »
There's been so many Trillian buffer overflow exploits that it's really not worth looking into anymore. You can drop the thing with like 5 lines of Perl code, or a few different ways with GAIM plugins. For this one, I'm assuming you have to directly connect, because otherwise there's not much of a way it can parse PNG images. Just connect to people you trust, is all.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: WARNING to Trillian3 users!
« Reply #3 on: March 08, 2005, 07:39:49 pm »
I'm unsure if you can send a .png as a buddy icon, but if you can then that could be quite dangerous.

And judging by Trillian's track record, you can expect a fix in a few years :)

Offline Towelie

  • pwnstar
  • x86
  • Hero Member
  • *****
  • Posts: 4873
    • View Profile
Re: WARNING to Trillian3 users!
« Reply #4 on: March 11, 2005, 01:34:52 am »
maybe another 5, they are really fast....