PT-2004-3198 · America Online · Aol Instant Messenger

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-2304

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Trillian versions 0.74 and earlier; Trillian Pro versions 2.01 and earlier
Description: An integer overflow in the AOL Instant Messenger DirectIM parser allows remote attackers to cause a denial of service and possibly execute arbitrary code. The parser fails to properly size the buffer it allocates for parsing, so a directIM packet can trigger a heap-based buffer overflow. With a specially crafted request, an attacker can achieve arbitrary code execution, leading to a loss of confidentiality, integrity, and/or availability.
Recommendations: For Trillian versions 0.74 and earlier, consider upgrading to a version later than 0.74 to resolve the issue. For Trillian Pro versions 2.01 and earlier, consider upgrading to a version later than 2.01 to resolve the issue. As a temporary workaround, consider restricting access to the directIM packet parser to minimize the risk of exploitation.
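The bug class behind this advisory, shown as an added illustration that is not Trillian's or AOL's code and does not use the real DirectIM wire format: the frame layout, `RECORD_SIZE`, `HEADER_SIZE` and all function names are constructed for the example. It contrasts the length arithmetic that wraps and undersizes a heap buffer with a checked version that fails closed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, hypothetical frame layout (not the real DirectIM format):
 * a 4-byte big-endian record count followed by count * RECORD_SIZE bytes. */
#define HEADER_SIZE 4u
#define RECORD_SIZE 16u

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* The unsafe pattern: the size arithmetic wraps in 32 bits, so a huge
 * count yields a tiny allocation while the copy that follows trusts the
 * count, i.e. a heap-based buffer overflow. Only the size computation is
 * shown; this value is never used to allocate anything here. */
uint32_t vulnerable_alloc_size(uint32_t record_count) {
    return HEADER_SIZE + record_count * RECORD_SIZE;
}

/* The checked version: reject a count whose byte size would wrap, and a
 * claimed payload larger than the bytes actually received. */
int checked_alloc_size(uint32_t record_count, size_t bytes_received,
                       size_t *out_size) {
    if (record_count > (UINT32_MAX - HEADER_SIZE) / RECORD_SIZE)
        return 0;                       /* multiplication would wrap */
    size_t need = HEADER_SIZE + (size_t)record_count * RECORD_SIZE;
    if (need > bytes_received)
        return 0;                       /* claims more than was sent */
    *out_size = need;
    return 1;
}

/* Parse a frame with the checked arithmetic. Copies the frame into a
 * correctly sized heap buffer the caller frees; returns NULL on reject. */
uint8_t *parse_frame_checked(const uint8_t *pkt, size_t pkt_len,
                             size_t *out_len) {
    if (pkt_len < HEADER_SIZE) return NULL;
    uint32_t count = read_be32(pkt);
    size_t size;
    if (!checked_alloc_size(count, pkt_len, &size)) return NULL;
    uint8_t *buf = malloc(size);
    if (!buf) return NULL;
    memcpy(buf, pkt, size);             /* bounded by the validated size */
    *out_len = size;
    return buf;
}
```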

Related Identifiers

CVE-2004-2304

Affected Products

Aol Instant Messenger
Trillian
Trillian Pro