Critical IM bugs hit Yahoo, Trillian

This forum is for related Instant Messaging threats for all IM clients

Moderators: Admin Team, Moderators

User avatar
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ

Critical IM bugs hit Yahoo, Trillian

Postby TeMerc » Tue Jul 17, 2007 11:56 am

Gregg Keizer

July 17, 2007 (Computerworld) -- Security researchers yesterday disclosed critical vulnerabilities in two popular Windows instant messaging clients, Yahoo Messenger and Trillian.

The Yahoo Messenger bug, which was posted to the Full Disclosure mailing list Monday by Rajesh Sethumadhavan, is a buffer overflow flaw that can be exploited with a specially crafted address book entry. Messenger immediately crashes when it encounters the malformed entry, said Sethumadhavan, but it may also be susceptible to code execution, meaning an attacker might be able to inject his own malicious code -- a keystroke stealer or a spam bot, for instance -- into a compromised PC.

Yahoo Inc. has not posted a patch for the vulnerability; the company did not immediately respond to a request for confirmation and comment.

Trillian, a multiservice client, also sports two bad bugs, said other researchers.

nwz Computer World

Return to “IM Threat Center”

Who is online

Users browsing this forum: No registered users and 2 guests