Article found in it's original context here OSVDB ID: 9777 Rating: TBD Disclosure Date: Sep 8, 2004 Description: Trillian contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a boundary error within the MSN module occurs. It is possible that the flaw may allow a malicious to gain access to the target system resulting in a loss of integrity. Technical Description: This vulnerability can be exploited to create a buffer overflow by sending a long string, approximately 4096 bytes in length, followed by a new line character from an MSN messenger server. To exploit this flaw an attacker must either change intercepted traffic sent from an MSN messenger server to the target or get the target to connect to a malicious MSN messenger server. Vulnerability Classification: Remote/Network Access Required Infrastructure Attack Loss Of Integrity Exploit Available Products: Cerulean Studios Trillian 0.74i Solution: Currently, there are no known upgrades, patches, or workarounds available to correct this issue. External References: Generic Exploit URL: http://unsecure.altervista.org/security/trillianbof.c ISS X-Force ID: 17292 Secunia Advisory ID: 12487 Vendor URL: http://www.trillian.cc/ Vendor URL: http://www.ceruleanstudios.com/ Other Advisory URL: http://unsecure.altervista.org/security/trillian.htm Security Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0069.html Security Tracker: 1011186 Credit: Komrade Vulnerability Status: This entry was last updated on Sep 9, 2004. If you have additional information or corrections for this vulnerability please submit them to OSVDB Moderators.