Executive Summary
Summary | |
---|---|
Title | Cerulean Studios Trillian Instant Messenger fails to properly handle "UTF-8" sequences |
Information | |||
---|---|---|---|
Name | VU#187033 | First vendor Publication | 2007-06-20 |
Vendor | VU-CERT | Last vendor Modification | 2007-06-29 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#187033
Cerulean Studios Trillian Instant Messenger fails to properly handle "UTF-8" sequences
Overview
A vulnerability in Cerulean Studios Trillian Instant Messenger client may lead to execution of arbitrary code.
I. Description
Cerulean Studios Trillian Instant Messenger client fails to properly handle specially crafted UTF-8 text. A heap overflow may occur when Trillian receives a message with malformed UTF-8 strings.
II. Impact
A remote, authenticated attacker may be able to execute arbitrary code with the privileges of the user or cause a denial-of-service condition by sending the client a message.
III. Solution
Update
Cerulean Studios has released an update to address this issue. See the Cerulean Studios Blog for more information.
References
This vulnerability was reported in iDefense Public Advisory 6.18.07. iDefense credits www.BlurredLogic.com with reporting this issue. This document was written by Chris Taschner.
Original Source
Url : http://www.kb.cert.org/vuls/id/187033 |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37446 | Trillian UTF-8 String Word Wrap Remote Overflow |
35721 | Trillian Pro IRC Component UTF-8 String Handling Multiple Overflows |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-06-19 | Name : The remote host contains an instant messaging application that is affected by... File : trillian_3_1_6_0.nasl - Type : ACT_GATHER_INFO |
2007-05-01 | Name : The remote host contains an instant messaging application that is susceptible... File : trillian_3_1_5_0.nasl - Type : ACT_GATHER_INFO |