Cerulean Studios Trillian Remote PNG Image File Parsing Buffer Overflow Vulnerability

Bugtraq ID:	12703
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 02 2005 12:00AM
Updated:	Mar 02 2005 12:00AM
Credit:	Tal Zeltzer <[email protected]> is credited with the disclosure of this issue.
Vulnerable:	Cerulean Studios Trillian Pro 3.0 Cerulean Studios Trillian 3.0
Not Vulnerable:	Cerulean Studios Trillian Pro 3.1 Cerulean Studios Trillian 3.1

Cerulean Studios Trillian Remote PNG Image File Parsing Buffer Overflow Vulnerability

A remote buffer overflow vulnerability affects Cerulean Studios Trillian. This issue is due to a failure of the application to securely copy image data into finite process buffers.

An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user that activated the vulnerable application.

Cerulean Studios Trillian Remote PNG Image File Parsing Buffer Overflow Vulnerability

An exploit has been made available:

• /data/vulnerabilities/exploits/trillianPNGOverflow.py

Cerulean Studios Trillian Remote PNG Image File Parsing Buffer Overflow Vulnerability

Solution:
Cerulean Studios has released an upgrade dealing with this issue. Please contact the vendor for more information on obtaining updated packages.

Cerulean Studios Trillian Remote PNG Image File Parsing Buffer Overflow Vulnerability

References:

• Trillian Homepage (Cerulean Studios)