|
Multiple vulnerabilities fixed in Trillian 3.1.12.0
|
12/12/08
CVE 2008-5401
CVE 2008-5402
CVE 2008-5403
Trillian before 3.1.12.0 is prone to multiple memory-corruption vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the affected application
or cause denial-of-service conditions.
|
MSN MIME Header Stack Overflow
|
06/03/08
CVE 2008-2409
Trillian 3.1.10.0 and earlier have a buffer overflow vulnerability.
The vulnerability is due to a boundary error in the header parsing code for the MSN protocol
when processing the X-MMS-IM-FORMAT header. Remote attackers could exploit this vulnerability via
a specially crafted X-MMS-IM-FORMAT header with an overly long attribute.
Successful exploitation would cause memory corruption that may lead to arbitrary code execution in the security context of the logged-in user.
|
Multiple Protocol XML Parsing Memory Corruption
|
06/03/08
CVE 2008-2408
Trillian 3.1.10.0 and earlier have a buffer overflow vulnerability.
The vulnerability is due to an error in XML parsing in talk.dll.
Remote attackers could exploit this vulnerability via malformed attributes within an IMG tag.
Successful exploitation would overwrite an allocated heap chunk which can eventually lead to code execution under the context of the user.
|
AIM.DLL Long HTML Font Parameter Stack Overflow
|
06/03/08
CVE 2008-2407
Trillian 3.1.10.0 and earlier have a buffer overflow vulnerability.
The vulnerability is due to a boundary error when parsing messages with overly long attribute values within the FONT tag.
Remote attackers could exploit this vulnerability by persuading a target user to open a malicious file.
Successful exploitation would cause memory corruption that may lead to arbitrary code execution in the security context of the logged-in user.
|
Long Nickname Remote Denial of Service
|
05/09/08
CVE 2008-2008
Trillian 3.1.9.0 and earlier have a buffer overflow in the
Display Names message feature that allows remote attackers to
cause a denial of service or execute arbitrary code via a long
nickname in an MSN protocol message.
|
AIM URI handler vulnerabilities
|
07/19/07
CVE 2007-3832
CVE 2007-3833
Trillian 3.1.6.0 and earlier are affected by two vulnerabilities
when processing URIs beginning with aim://.
The first vulnerability allows arbitrary data to be written to
a file specified by the ini parameter,
potentially allowing command execution by, for example,
writing a batch file into the Startup folder.
The second vulnerability is a buffer overflow in aim.dll.
|
UTF-8 Word Wrapping vulnerability
|
06/27/07
CVE 2007-3305
A heap overflow vulnerability in Trillian prior to
version 3.1.6.0 allows command execution when a user
opens a specially crafted message containing a UTF-8
string which is word-wrapped.
|
IRC Module Vulnerabilities
|
05/08/07
CVE 2007-2418
CVE 2007-2478
CVE 2007-2479
Trillian prior to 3.1.5.1 is affected by multiple
vulnerabilities in the Internet Relay Chat (IRC) module.
Firstly, a long CTCP ping message could cause a malformed
response to be sent to the server and truncated, allowing
the next line to be sent to an attacker.
Secondly, a buffer overflow when a user highlights a
URL containing a long string of UTF-8 characters could
lead to command execution.
Thirdly, a font face HTML tag with the face attribute set to a long
UTF-8 string could cause a buffer overflow.
|
AIM Message Denial of Service
|
CVE 2006-0543
Trillian 3.1.0.120 can be crashed by an AIM message
containing certain Mac-encoded Rich Text Format (RTF)
escape sequences, leading to a denial of service.
|
Reverse Direct Connection Denial of Service
|
CVE 2005-3141
Trillian 3.0 can be crashed by a request for a reverse
direct connection from another client, leading to a
denial of service.
|
Yahoo! E-mail Password Disclosure
|
CVE 2005-2444
Trillian Pro 3.1 build 121 stores the Yahoo! e-mail passwords
in plaintext in a world-readable file, allowing local
users to see other users' passwords.
|
HTTP Header Buffer Overflow in Plug-ins
|
04/01/05
CVE 2005-0874
CVE 2005-0875
The Yahoo, AIM, MSN, RSS, and other plug-ins are affected by
a buffer overflow condition. When these plug-ins connect to
a remote web server, a long, specially crafted string in the
header of the HTTP response could cause arbitrary commands to
execute on the user's computer. Trillian 2.0 is affected by
these vulnerabilities. Trillian 3.0 and 3.1 are affected by
the vulnerability in the Yahoo plug-in only.
|
PNG Image Buffer Overflow
|
03/11/05
CVE 2005-0633
Trillian 3.0 is affected by a buffer overflow condition in
the processing of PNG images. A remote attacker could cause
arbitrary commands to execute on a user's computer when
the user opens a malformed PNG image supplied by the attacker.
09/13/04
CVE 2004-1666
The MSN module in Trillian 0.74i and earlier is affected
by a buffer overflow when receiving a string which is
over 4096 bytes long ending in a newline character.
A remote attacker could execute arbitrary system commands
by injecting a specially crafted string in a response from
an MSN messenger server using a man-in-the-middle attack.
In order to exploit this vulnerability, the attacker would
need to be situated on the network in a position which would
allow him or her to intercept traffic between the client
and server.
CVE 2002-1486
A buffer overflow condition in the IRC module allows a remote
IRC server to execute arbitrary commands on the system using
a JOIN message with a long channel name, a long "raw 221"
message, a PRIVMSG message with a long nickname, a long response
from an ident server, or any block of data over 4096 bytes long.
This could cause a compromise of the user's computer if
the user connects to a malicious IRC server. Trillian
0.74 and earlier are affected by this vulnerability.
CVE 2002-1485
CVE 2002-1487
CVE 2002-1488
CVE 2003-0520
Various vulnerabilities in Trillian 0.74 and earlier could
allow a malicious server to crash the Trillian client.