Researchers Billy (BK) Rios, Nate McFeters, and Raghav "the Pope" Dube released proof-of-concept exploit code for two zero-day flaws in the Trillian instant messaging platform.
"It’s time we showed another example of how dangerous these URI handler vulnerabilities can be…" said the trio, detailing the flaws on the xs-sniper.com website.
The first flaw is due to an input validation error in the "ini=" parameter supplied via "aim://" URIs. The vulnerability could be exploited by a remote attacker to take control of a targeted system, according to Secunia.
The second vulnerability occurs within the processing of "aim://" URIs in the aim.dll plugin. Attackers can exploit the flaw by tricking a user into following a specially crafted "aim://" URI file, according to the Danish vulnerability clearinghouse.
Secunia ranked the flaws, both of which exist in Trillian Basic 126.96.36.199, as "highly critical," meaning that they can be exploited from a remote location.
FrSIRT ranked both flaws as "critical." A Trillian representative could not immediately be reached for comment.
Rios told SCMagazine.com that he and his colleagues have been researching URI flaws for a year and found that they are "rampant."
"We’ve basically encountered a ‘perfect storm’ when it comes to URI handlers. Most developers don’t realize that by registering a URI handler with Windows, they are significantly increasing their attack surface," he said via email.
"URI handlers can allow remote access to applications on a user’s system. If an application isn’t coded properly, attackers can abuse this remote access to compromise a system."
Meanwhile, researcher Rajesh Sethumadhavan released proof-of-concept buffer overflow exploit code for a flaw in Yahoo Messenger version 8.1. The code can be used for a DoS attack when Yahoo loads a specially crafted address book entry.
Sethumadhavan said on Monday that the flaw was discovered on 10 April.
An attacker can take advantage of the flaw by sending a specially crafted address and using a social engineering attack to get a victim to place the mouse over the imported address.
A Yahoo representative could not immediately be reached for comment.
Don Montgomery, vice president of marketing at Akonix, told SC Magazine that vulnerabilities on IM platforms are a growing problem.
"IM gets adopted more widely at home and at work now, and the bigger the network, the bigger the problem is," he said. "[Home users] are less likely to be secure and less likely to be on a protected network. They’re probably on broadband or cable."
Flaws revealed for Trillian, Yahoo IM platforms
By Frank Washkuch on Jul 18, 2007 10:53AM