Description
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
Affected products
- cerulean_studios / trillian: 0.71 – 0.71
- cerulean_studios / trillian: 0.73 – 0.73
- cerulean_studios / trillian: 0.74 – 0.74
- cerulean_studios / trillian: 0.725 – 0.725
- cerulean_studios / trillian_pro: 1.0 – 1.0
- cerulean_studios / trillian_pro: 2.0 – 2.0
- cerulean_studios / trillian_pro: 2.01 – 2.01
References
- MISC: http://www.securityfocus.com/bid/9489
- VENDOR_ADVISORY: http://security.e-matters.de/advisories/022004.html
- VENDOR_ADVISORY: http://secunia.com/advisories/10973
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/15303
- MISC: http://securitytracker.com/id?1009220
- MAILING_LIST: http://lists.seifried.org/pipermail/security/2004-February/001869.html
- MISC: http://www.osvdb.org/4056