Tuesday, July 17, 2007

Yahoo! Messenger and Trillian Hit With Critical Vulnerabilities


On Monday, security researchers disclosed vulnerabilities in both the Yahoo! Messenger and Trillian IM clients.

The Yahoo! Messenger bug is a buffer overflow that can be triggered by a specially crafted address book entry. When the entry is processed, the client crashes. The crash is only the visible effect: a buffer overflow of this kind may also permit code execution, meaning an attacker could run their own malicious code and take control of the machine.

The Trillian IM client, patched only a month or two ago, is affected by two vulnerabilities. Researchers have traced both to the client's handling of the AIM URI (uniform resource identifier) it registers with the system. The problem is closely related to the firefoxurl: URI-handler vulnerability found in Firefox and Internet Explorer last week. The researchers say:

"The first example shows the dangers of passing unfiltered arguments to programs that have registered URIs (much like the firefoxurl: vulnerability). The second example shows that even if arguments are sanitized [emphasis in original] by the browser, many programs can be remotely pwnd via registered URIs and poor development practices."
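The quoted point is general: when the OS launches a registered URI handler, the browser's URI is pasted into a command-line template, and a handler that honours every resulting argument can be driven by whoever controls the URI. The simulation below is an added example written for this post, not code from the researchers, Cerulean Studios or any browser vendor. The program path, the `-loadplugin` option, the screenname length limit and the `aim:` grammar are all hypothetical; it models the mechanism, not Trillian's actual bug.

```python
import re
from typing import Optional

# Hypothetical registry-style command template for a URI scheme handler (the
# kind stored under HKCR\<scheme>\shell\open\command). The shell replaces %1
# with the whole URI string the browser hands it. The program path is invented.
HANDLER_TEMPLATE = '"C:\\Program Files\\IMClient\\imapp.exe" "%1"'


def build_command_line(template: str, uri: str) -> str:
    """Naive %1 substitution: the URI is pasted in verbatim, quotes and all."""
    return template.replace("%1", uri)


def split_args(cmdline: str) -> list:
    """Simplified CommandLineToArgvW: double quotes group, whitespace splits.
    Enough to show how a stray quote inside the URI ends one argument and
    starts another."""
    args, cur, in_quote, have_token = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quote = not in_quote
            have_token = True
        elif ch.isspace() and not in_quote:
            if have_token:
                args.append("".join(cur))
                cur, have_token = [], False
        else:
            cur.append(ch)
            have_token = True
    if have_token:
        args.append("".join(cur))
    return args


def vulnerable_handler(argv: list) -> dict:
    """Handler written the way the researchers warn against: every extra argv
    entry after the program path is honoured as an option."""
    result = {"uri": None, "plugins": []}
    i = 1
    while i < len(argv):
        if argv[i] == "-loadplugin" and i + 1 < len(argv):  # hypothetical option
            result["plugins"].append(argv[i + 1])
            i += 2
        else:
            result["uri"] = argv[i]
            i += 1
    return result


# Strict grammar for what should reach an aim: handler: the scheme, then only
# URL-safe characters. No quotes, no whitespace, bounded length (assumed grammar).
AIM_URI = re.compile(r"^aim:[A-Za-z0-9?&=._~%+/-]{0,256}$")


def browser_sanitize(uri: str) -> Optional[str]:
    """Browser-side filter: refuse to launch the handler for anything outside the grammar."""
    return uri if AIM_URI.fullmatch(uri) else None


def hardened_handler(argv: list) -> dict:
    """Handler-side checks (the quote's second point): accept exactly one
    argument, re-validate it, and bound the screenname length before use,
    even if a browser already sanitized it."""
    if len(argv) != 2:
        raise ValueError("expected exactly one URI argument")
    uri = argv[1]
    if not AIM_URI.fullmatch(uri):
        raise ValueError("URI outside the accepted grammar")
    m = re.search(r"screenname=([^&]*)", uri)
    screenname = m.group(1) if m else ""
    if len(screenname) > 64:  # hypothetical limit, sized to the handler's buffer
        raise ValueError("screenname too long")
    return {"uri": uri, "screenname": screenname, "plugins": []}


def launch(uri: str, handler, sanitize: bool = False) -> Optional[dict]:
    """Simulate browser -> shell -> handler. Returns the handler's result, or
    None if the browser refused the URI."""
    if sanitize and browser_sanitize(uri) is None:
        return None
    return handler(split_args(build_command_line(HANDLER_TEMPLATE, uri)))


def is_rejected(uri: str, handler, sanitize: bool = False) -> bool:
    """True if the URI is stopped by the browser filter or refused by the handler."""
    try:
        return launch(uri, handler, sanitize) is None
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed malicious URI: the embedded quote closes the %1 argument and
    # smuggles an extra option onto the handler's command line.
    malicious = 'aim:goim?screenname=bob" -loadplugin "C:\\evil\\plugin.dll'
    print(build_command_line(HANDLER_TEMPLATE, malicious))
    print("vulnerable, unfiltered:", launch(malicious, vulnerable_handler))
    print("vulnerable, browser filter:", launch(malicious, vulnerable_handler, sanitize=True))
    print("hardened, unfiltered rejected:", is_rejected(malicious, hardened_handler))
    print("hardened, benign:", launch("aim:goim?screenname=bob", hardened_handler))
```

The two defences map onto the two sentences of the quote: `browser_sanitize` is the filter the browser applies before anything is launched, and `hardened_handler` is the program refusing to trust its own command line. Either alone closes the injected-argument path; only the second also protects against a well-formed but oversized field, which is why the handler must validate regardless of what the browser did.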

Neither client has been patched yet, and neither Yahoo! nor Cerulean Studios has said when a fix will be released. Users of these two clients should use them with caution and keep their virus and spyware protection up to date.

[Via PC World]
