OSVDB ID: 15004

Title: Trillian Multiple Plug-in HTTP Response Header Overflow DoS

Info

Dates

Disclosure: Mar 24, 2005
Discovery: Mar 24, 2005
Exploit: Mar 24, 2005
Solution: Unknown

Description

A remote overflow exists in Trillian. Trillian fails to properly validate HTTP 1.1 response headers, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of malicious code, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Rumored

Solution

Upgrade to version 3.1 or higher, which has been reported to fix this vulnerability, except for the issues with Yahoo IM. It is also possible to correct the flaw by implementing the following workaround: avoid using the Yahoo IM component until it is patched.

Products

Cerulean Studios

Trillian

2.0
3.0
3.1

References

Credit

  • Matt Hargett - matt.hargettlogiclibrary.com


Direct URL: http://osvdb.org/15004