Vulnerabilities in the open source instant-messaging client would allow attackers to crash the application or run malicious code on a user's PC - Gaim 1.5.0 fixes them
Users of Gaim, the multiplatform instant messaging application, should upgrade to a new version to protect themselves from three newly discovered security holes.
Gaim 1.5.0 was released on Thursday. It fixes a flaw in the way Gaim processes a setting in AOL Instant Messenger (AIM) and ICQ showing a user is away from their machine. A malicious attacker could run a large number of "%n" symbols in their away message and trigger a buffer overflow when the Gaim user ran their mouse over this text. This could then allow the attacker to run malicious code on the Gaim user's PC.
A second problem, in the way Gaim handled file transfers, could also be exploited to crash the application. The third flaw, in a protocol handler, was less serious and didn't affect users on x86 machines.
The new version of Gaim can be downloaded from its homepage here.
There are currently 1 users browsing this thread. (0 members and 1 guests)