Trillian MSN Module Messenger Server Overflow

Discussion in 'Windows Desktop Systems' started by rik, Sep 10, 2004.

  1. rik

    rik OSNN Addict

    I dunno
    Article found in it's original context here

    OSVDB ID: 9777
    Rating: TBD
    Disclosure Date: Sep 8, 2004

    Trillian contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a boundary error within the MSN module occurs. It is possible that the flaw may allow a malicious to gain access to the target system resulting in a loss of integrity.

    Technical Description:
    This vulnerability can be exploited to create a buffer overflow by sending a long string, approximately 4096 bytes in length, followed by a new line character from an MSN messenger server.

    To exploit this flaw an attacker must either change intercepted traffic sent from an MSN messenger server to the target or get the target to connect to a malicious MSN messenger server.

    Vulnerability Classification:
    Remote/Network Access Required
    Infrastructure Attack
    Loss Of Integrity
    Exploit Available

    Cerulean Studios Trillian 0.74i

    Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

    External References:

    Generic Exploit URL:
    ISS X-Force ID: 17292
    Secunia Advisory ID: 12487
    Vendor URL:
    Vendor URL:
    Other Advisory URL:
    Security Mail List Post:
    Security Tracker: 1011186



    Vulnerability Status:
    This entry was last updated on Sep 9, 2004. If you have additional information or corrections for this vulnerability please submit them to OSVDB Moderators.
    Mubbers likes this.