View Full Version : Yahoo, Trillian - exploits posted

2007-07-21, 23:10

- http://preview.tinyurl.com/2ze7ls
July 17, 2007 (Computerworld) - "Security researchers yesterday disclosed critical vulnerabilities in two popular Windows instant messaging clients, Yahoo Messenger and Trillian. The Yahoo Messenger bug, which was posted to the Full Disclosure mailing list Monday by Rajesh Sethumadhavan, is a buffer overflow flaw that can be exploited with a specially crafted address book entry. Messenger immediately crashes when it encounters the malformed entry, said Sethumadhavan, but it may also be susceptible to code execution, meaning an attacker might be able to inject his own malicious code -- a keystroke stealer or a spam bot, for instance -- into a compromised PC..."

Latest version of Yahoo Messenger:
> http://www.majorgeeks.com/download.php?det=4235
(-without- the Yahoo toolbar/ ymsgr810_413_us.exe
v8.1.0.413 dated 2007-07-17)

- http://blog.ceruleanstudios.com/?cat=7
July 20, 2007 - "In response to the URI security vulnerability released this week, we have updated Trillian 3 to Auto-update should be firing for existing users, and you can use our download page* to grab a full installer if you are so inclined. We recommend that all existing Trillian 3.x customers download this latest upgrade..."
* http://www.ceruleanstudios.com/downloads/