|
Trillian Multiple Plug-ins Buffer Overflow Vulnerabilities
|
|
Secunia Advisory:
|
SA14689
|
|
|
Release Date:
|
2005-03-25
|
|
Last Update:
|
2005-03-30
|
|
Popularity:
|
10,433 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Trillian Basic 3.x
Trillian Pro 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2005-0874
CVE-2005-0875
|
|
Description:
LogicLibrary has reported some vulnerabilities in Trillian, allowing malicious people to compromise a users system.
The vulnerabilities are caused due to boundary errors in the handling of HTTP/1.1 response headers. This can be exploited to cause a heap-based buffer overflow and execute arbitrary code by sending a maliciously crafted HTTP/1.1 response.
Successful exploitation requires that the attacker controls a server, which Trillian connects to, or is able to conduct a Man-in-the-Middle attack.
The vulnerabilities have been reported in the AIM, Yahoo, MSN, RSS and possibly other plug-ins in Trillian 2.0. It has also been reported in the Yahoo IM and possibly other plug-ins in Trillian version 3.0 and 3.1.
Solution:
Use another product.
Provided and/or discovered by:
LogicLibrary
Changelog:
2005-03-30: Added CVE references.
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
