Executive Summary
Summary | |
---|---|
Title | Trillian Instant Messenger client fails to properly handle malformed URIs |
Information | |||
---|---|---|---|
Name | VU#786920 | First vendor Publication | 2007-07-16 |
Vendor | VU-CERT | Last vendor Modification | 2007-07-20 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#786920
Trillian Instant Messenger client fails to properly handle malformed URIs
Overview
The Trillian Instant Messaging client contains a buffer overflow vulnerability that may allow an attacker to execute code.
I. Description
A Uniform Resource Identifier (URI) is a string of characters that can be used to identify a location, resource, or protocol. The Trillian Instant Messenger client is an IM application that supports multiple services, including AOL Instant Messenger. Trillian registers itself as the default handler for aim: URIs during installation. Web browsers may pass URIs to other applications that have been registered to handle them.
A buffer overflow vulnerability exists in the Trillian Instant Messenger client. An attacker may exploit this vulnerability by convincing a user to open a malformed aim: URI inside of a web browser. When the web browser passes the malformed URI to the Trillian Instant Messenger client, the overflow may be triggered. Trillian 3.1.7.0 has been released to address this issue.
References
This issue was disclosed by Nate Mcfeters, Billy (BK) Rios, and Raghav "the Pope" Dube. This document was written by Ryan Giobbi.
Original Source
Url : http://www.kb.cert.org/vuls/id/786920 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
38171 | Trillian AOL Protocol Handler (AIM.DLL) Crafted aim:// URI Arbitrary Code Exe... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-07-23 | Name : The remote host contains an instant messaging application that is affected by... File : trillian_3_1_7_0.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:08:10 |