Executive Summary

Summary
Title Trillian Instant Messenger client fails to properly handle malformed URIs
Informations
Name VU#786920 First vendor Publication 2007-07-16
Vendor VU-CERT Last vendor Modification 2007-07-20
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#786920

Trillian Instant Messenger client fails to properly handle malformed URIs

Overview

The Trillian Instant Messaging client contains a buffer overflow vulnerability that may allow an attacker to execute code.

I. Description

A Uniform Resource Identifier (URI) is a string of characters that can be used to identify a location, resource, or protocol. The Trillian Instant Messenger client is an IM application that supports multiple services, including AOL Instant Messenger. Trillian registers itself as the default handler for aim: URIs during installation. Web browsers may pass URIs to other applications that have been registered to handle them.

A buffer overflow vulnerability exists in the Trillian Instant Messenger client. An attacker may exploit this vulnerability by convincing a user to open a malformed aim: URI inside of a web browser. When the web browser passes the malformed URI to the Trillian Instant Messenger client, the overflow may be triggered.

Note that some web browsers may present a dialog box warning that the aim: URI is being handed off to another program.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running Trillian.

III. Solution

Update

Trillian 3.1.7.0 has been released to address this issue.

Unregister the AIM protocols

Disabling the AIM protocol handler can mitigate this vulnerability. To unregister the protocol handler, delete or rename the following registry key:

HKEY_CLASSES_ROOTAIM

Note that when Trillian (trillian.exe) is started, it will attempt to recreate or repair the registry key. On Windows XP SP2 by default, Administrators and Power Users have permissions to modify the registry key. To prevent Trillian from recreating the registry key, run Trillian with a limited user account. Alternatively, change or delete the value for

HKEY_CLASSES_ROOTAIMshellopencommand

and change permissions so that the appropriate user groups can not recreate or repair the key.


Block access to aim: URIs

Administrators may partially mitigate this vulnerability by blocking access to the aim: URI using proxy server access control lists or the appropriate content filtering rule.

Systems Affected

VendorStatusDate Updated
America Online, Inc.Not Vulnerable16-Jul-2007
Cerulean StudiosVulnerable16-Jul-2007

References


http://blog.ceruleanstudios.com/?p=170
http://www.ceruleanstudios.com/downloads/
http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html
http://en.wikipedia.org/wiki/Uniform_Resource_Identifier
http://secunia.com/advisories/26086/
http://technet2.microsoft.com/windowsserver/en/library/2621d47b-714b-4549-8f21-29ea082ed76b1033.mspx?mfr=true

Credit

This issue was disclosed by Nate Mcfeters, Billy (BK) Rios, Raghav "the Pope" Dube.

This document was written by Ryan Giobbi.

Other Information

Date Public07/15/2007
Date First Published07/16/2007 04:40:45 PM
Date Last Updated07/20/2007
CERT Advisory 
CVE Name 
Metric23.76
Document Revision31

Original Source

Url : http://www.kb.cert.org/vuls/id/786920

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
38171 Trillian AOL Protocol Handler (AIM.DLL) Crafted aim:// URI Arbitrary Code Exe...

Nessus® Vulnerability Scanner

Date Description
2007-07-23 Name : The remote host contains an instant messaging application that is affected by...
File : trillian_3_1_7_0.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:08:10
  • Multiple Updates