Article found in it's original context here
OSVDB ID: 9777
Rating: TBD
Disclosure Date: Sep 8, 2004
Description:
Trillian contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a boundary error within the MSN module occurs. It is possible that the flaw may allow a malicious to gain access to the target system resulting in a loss of integrity.
Technical Description:
This vulnerability can be exploited to create a buffer overflow by sending a long string, approximately 4096 bytes in length, followed by a new line character from an MSN messenger server.
To exploit this flaw an attacker must either change intercepted traffic sent from an MSN messenger server to the target or get the target to connect to a malicious MSN messenger server.
Vulnerability Classification:
Remote/Network Access Required
Infrastructure Attack
Loss Of Integrity
Exploit Available
Products:
Cerulean Studios Trillian 0.74i
Solution:
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
External References:
Generic Exploit URL: http://unsecure.altervista.org/security/trillianbof.c
ISS X-Force ID: 17292
Secunia Advisory ID: 12487
Vendor URL: http://www.trillian.cc/
Vendor URL: http://www.ceruleanstudios.com/
Other Advisory URL: http://unsecure.altervista.org/security/trillian.htm
Security Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0069.html
Security Tracker: 1011186
Credit:
Komrade
Vulnerability Status:
This entry was last updated on Sep 9, 2004. If you have additional information or corrections for this vulnerability please submit them to OSVDB Moderators.
OSVDB ID: 9777
Rating: TBD
Disclosure Date: Sep 8, 2004
Description:
Trillian contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a boundary error within the MSN module occurs. It is possible that the flaw may allow a malicious to gain access to the target system resulting in a loss of integrity.
Technical Description:
This vulnerability can be exploited to create a buffer overflow by sending a long string, approximately 4096 bytes in length, followed by a new line character from an MSN messenger server.
To exploit this flaw an attacker must either change intercepted traffic sent from an MSN messenger server to the target or get the target to connect to a malicious MSN messenger server.
Vulnerability Classification:
Remote/Network Access Required
Infrastructure Attack
Loss Of Integrity
Exploit Available
Products:
Cerulean Studios Trillian 0.74i
Solution:
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
External References:
Generic Exploit URL: http://unsecure.altervista.org/security/trillianbof.c
ISS X-Force ID: 17292
Secunia Advisory ID: 12487
Vendor URL: http://www.trillian.cc/
Vendor URL: http://www.ceruleanstudios.com/
Other Advisory URL: http://unsecure.altervista.org/security/trillian.htm
Security Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0069.html
Security Tracker: 1011186
Credit:
Komrade
Vulnerability Status:
This entry was last updated on Sep 9, 2004. If you have additional information or corrections for this vulnerability please submit them to OSVDB Moderators.