PT-2006-1607 · Cerulean · Cerulean Trillian
Published: 2006-02-03 · Updated: 2008-09-05 · CVE-2006-0543
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Cerulean Trillian version 3.1.0.120
Description
The issue allows remote attackers to cause a denial of service, resulting in a client crash, via an AIM message containing specific Mac-encoded Rich Text Format (RTF) escape sequences, including 'd1, 'd2, 'd3, 'd4, and 'd5. These sequences can be accidentally sent by copying text from an OSX application and pasting it into the victim's client, causing the client to close immediately upon receiving such characters.
Recommendations
For Cerulean Trillian version 3.1.0.120, as a temporary workaround, consider disabling the reception of AIM messages containing Mac encoded RTF character codes until a patch is available. Restrict access to the feature that allows the reception of such messages to minimize the risk of exploitation. Avoid using the affected RTF escape sequences in AIM messages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Cerulean Trillian