Cerulean Studios Trillian Word Wrapping UTF-8 Encoded String Heap Buffer Overflow Vulnerability
CLASS: Boundary Condition Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 18 2007 12:00AM
UPDATE: Jun 19 2007 05:59PM
CREDIT: www.BlurredLogic.com is credited with the discovery of this vulnerability.
VULNERABLE:
Cerulean Studios Trillian 3.1.5.1
NOT VULNERABLE:
Cerulean Studios Trillian 3.1.6.0
Go to the original page on Security Focus
Discussion
Trillian is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial of service.
This issue affects Trillian 3.1.5.1; prior versions may also be affected.
Exploit
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution
The vendor released an update to address this issue. Please see the references for more information.
References
- Trillian Homepage (Cerulean Studios)
- iDefense Security Advisory 06.18.07: Cerulean Studios Trillian UTF-8 Word Wrap H (labs-no-reply@idefense.com)
- PUBLIC ADVISORY: 06.18.07 Cerulean Studios Trillian UTF-8 Word Wrap Heap Overflo (iDefense Labs)