Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities

Bugtraq ID:	23730
Class:	Boundary Condition Error
CVE:	CVE-2007-2479 CVE-2007-2478
Remote:	Yes
Local:	No
Published:	May 01 2007 12:00AM
Updated:	Jul 06 2016 02:39PM
Credit:	iDefense Labs discovered and disclosed these vulnerabilities.
Vulnerable:	Cerulean Studios Trillian Pro 3.1 Cerulean Studios Trillian 3.1
Not Vulnerable:	Cerulean Studios Trillian Pro 3.1.5 0 Cerulean Studios Trillian 3.1.5 0

Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities

Trillian is prone to multiple buffer-overflow issues and an information leak in its IRC module. These issues occur because the application fails to properly bounds-check user-supplied data before copying it into fixed-sized memory buffers and fails to respond properly to exceptional conditions.

Remote attackers may exploit these vulnerabilities to execute arbitrary machine code in the context of vulnerable Trillian clients or to steal the contents of client-server communications.

Trillian 3.1 is affected.

Further reports suggest these issues also affect the MSN and ICQ modules; other modules may also be affected. This BID will be updated pending further investigation.

Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities

Solution:
The vendor has released version 3.5.1.0, which addresses these issues. Please see the vendor references for details.

Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities

References:

• Cerulian Studios Blog (Cerulean Studios )
  
• Trillian Homepage (Cerulean Studios)
  
• iDefense Security Advisory 04.30.07: Cerulean Studios Trillian Multiple IRC Vuln (iDefense Labs)
  
• Re: iDefense Security Advisory 04.30.07: Cerulean Studios Trillian Multiple IRC (Marvin Frick )
  
• Re: iDefense Security Advisory 04.30.07: Cerulean Studios Trillian Multiple IRC (Reversemode )
  
• Cerulean Studios Trillian Multiple IRC Vulnerabilities (iDefense Labs)