|
 |
|
Trillian Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA30336
|
|
|
Release Date:
|
2008-05-22
|
|
Last Update:
|
2008-06-04
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Partial Fix
|
|
| Software: | Trillian Basic 3.x
Trillian Pro 3.x
|
| | CVE reference: | CVE-2008-2407 (Secunia mirror)
CVE-2008-2408 (Secunia mirror)
CVE-2008-2409 (Secunia mirror)
|
|
|
|
|
|
Description:
Some vulnerabilities have been reported in Trillian, which can be exploited by malicious people to compromise a user's system.
1) A boundary error within the header parsing code for the MSN protocol can be exploited to cause a stack-based buffer overflow via a specially crafted X-MMS-IM-FORMAT header with an overly long attribute.
Successful exploitation allows execution of arbitrary code.
2) An error within the XML parsing in talk.dll can be exploited to cause a memory corruption via certain malformed attributes within an 'IMG' tag.
Successful exploitation allows execution of arbitrary code.
3) A boundary error when parsing messages (e.g. via the AIM network) with overly long attribute values within the FONT tag can be exploited to cause a stack-based buffer overflow.
Successful exploitation allows execution of arbitrary code but requires that the user is tricked into opening a malicious image file.
Solution:
Update to version 3.1.10.0.
http://www.ceruleanstudios.com/downloads/
NOTE: At least vulnerability #1 is not properly patched in the latest version and can still be exploited.
Provided and/or discovered by:
1, 2) tw33k and n8, reported via ZDI
3) An anonymous researcher, reported via ZDI.
Changelog:
2008-05-30: Added information from Secunia Research about incomplete patch.
2008-06-04: Added CVE reference.
Original Advisory:
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-031/
http://www.zerodayinitiative.com/advisories/ZDI-08-030/
http://www.zerodayinitiative.com/advisories/ZDI-08-029/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
7 Related Secunia Security Advisories
|
|
|
1. Trillian Display Name Processing Memory Corruption
|
|
2. Trillian "aim://" URI Handler Two Vulnerabilities
|
|
3. Trillian UTF-8 Word Wrap Buffer Overflow Vulnerability
|
|
4. Trillian Information Leakage and Buffer Overflow Vulnerabilities
|
|
5. Trillian Exposure of User Credentials
|
|
6. Trillian Multiple Plug-ins Buffer Overflow Vulnerabilities
|
|
7. Trillian Basic PNG Image Buffer Overflow Vulnerability
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
