Trillian Messenger Multiple Vulnerabilities Network Vulnerability

Summary

This host is installed with Trillian Messenger and is prone to multiple remote memory corruption vulnerabilities.

Impact

Successful exploitation will let the attacker execute arbitrary codes in the context of the application and can compromise a vulnerable system.

Solution

Upgrade to the version latest 3.1.12.0 http://www.ceruleanstudios.com/downloads

Insight

This flaw is due to, - Boundary check error while generating XML Tags for images which can be exploited to cause stack overflow. - An error while processing XML codes which can be exploited to corrupt an internal data structure and can clear a heap chunk multiple times. - An boundary error while processing specially crafted XML tags which can cause a heap overflow.

Affected

Cerulean Studios, Trillian Messenger version prior to 3.1.12.0 on Windows.

References

http://www.zerodayinitiative.com/advisories/ZDI-08-077/
http://www.zerodayinitiative.com/advisories/ZDI-08-078/
http://www.zerodayinitiative.com/advisories/ZDI-08-079/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5401, CVE-2008-5402, CVE-2008-5403
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apple iTunes 'itpc:' URI Buffer Overflow Vulnerability
Adobe Reader 'mailListIsPdf' Buffer Overflow Vulnerability (Linux)
Blazevideo HDTV Player PLF File Buffer Overflow Vulnerability
ACDSee FotoSlate PLP Multiple Buffer Overflow Vulnerabilities
ChaSen Buffer Overflow Vulnerability (Windows)

Take action and discover your vulnerabilities