
Trillian < 3.1.10.0 Multiple Vulnerabilities

High

Synopsis

The remote host contains an instant messaging application that is affected by several vulnerabilities.

Description

The version of Trillian installed on the remote host reportedly contains several vulnerabilities:

- A stack buffer overflow in 'aim.dll' triggered when parsing messages with overly long attribute values within the 'FONT' tag.
- A memory corruption issue within XML parsing in 'talk.dll' triggered when processing malformed attributes within an 'IMG' tag.
- A stack buffer overflow in the header-parsing code for the MSN protocol when processing the 'X-MMS-IM-FORMAT' header.

Successful exploitation of each issue can result in code execution subject to the privileges of the current user.

Solution

Upgrade to Trillian 3.1.10.0 or later, which is reported to resolve these issues.