PT-2007-4583 · Cerulean Studios · Trillian
Published
2007-06-20
·
Updated
2017-07-29
·
CVE-2007-3305
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cerulean Studios Trillian versions 3.x through 3.1.5.0
Description
A heap-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string. This triggers improper memory allocation for word wrapping when a window width is used as a buffer size.
Recommendations
For versions 3.x through 3.1.5.0, update to version 3.1.6.0 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Trillian