CVE-2004-2370

Name of the Vulnerable Software and Affected Versions: Trillian versions 0.71 through 0.74f Trillian Pro versions 1.0 through 2.01

Description: A stack-based buffer overflow issue exists due to the improper handling of oversized packet key names in the Yahoo Messenger packet parser. This allows remote attackers to execute arbitrary code, resulting in a loss of confidentiality, integrity, and availability. The issue is triggered by a specially crafted request.

Recommendations: For Trillian versions 0.71 through 0.74f, update to a version outside of this range to resolve the issue. For Trillian Pro versions 1.0 through 2.01, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Yahoo Messenger packet parser to minimize the risk of exploitation.