Cerulean Studios has issued an update to its Trillian ICQ, IRC, IM multi-protocol chat client that fixes a critical security hole in the popular software.
Security researcher iDefense originally found the problem and alerted Cerulean last week, and Cerulean hurried out the patched version. The iDefense alert points out that this is a "heap overflow" condition, which is similar to a buffer overflow, which I've talked about before.
The trick to this kind of exploit is to ... well, trick the IM client software by sending it more information than it was designed to handle. This confuses the heap, a region of memory that works a lot like a buffer, causing an overflow condition. In the real world, it might be a little like taking a wrong turn in a bad section of town, getting completely lost, and thus becoming confused and, therefore, vulnerable. Once the heap overflow condition has been achieved, a clever cracker's attack program would be able to take over your PC while it's distracted.
While no active exploits have been reported, many of the worst attacks happen to people who haven't patched an older hole, which a nefarious individual then takes advantage of. The operative language to look out for is just what iDefense researchers said: "[successful exploitation] could allow attackers to execute arbitrary code as the currently logged on user." That's a recipe for a drive-by download or something equally onerous.
If you use Trillian, the patched version is numbered 3.1.6.0. You can check out Cerulean's discussion for slightly more info and get the update at the same URL. Existing customers should get an auto-update notice the next time they start their Trillian client.