Vulnerability Note VU#786920
Trillian Instant Messenger client fails to properly handle malformed URIs
The Trillian Instant Messaging client contains a buffer overflow vulnerability that may allow an attacker to execute code.
A Uniform Resource Identifier (URI) is a string of characters that can be used to identify a location, resource, or protocol. The Trillian Instant Messenger client is an IM application that supports multiple services, including AOL Instant Messenger. Trillian registers itself as the default handler for aim: URIs during installation. Web browsers may pass URIs to other applications that have been registered to handle them.
A buffer overflow vulnerability exists in the Trillian Instant Messenger client. An attacker may exploit this vulnerability by convincing a user to open a malformed aim: URI inside of a web browser. When the web browser passes the malformed URI to the Trillian Instant Messenger client, the overflow may be triggered.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running Trillian.
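The note says Trillian registers itself as the default handler for aim: URIs, which is what lets a web browser hand an untrusted URI to the client. The following PowerShell check is an added example, not part of the original note or of any vendor tooling, and it reports which program a Windows host has registered for that scheme. The function name Get-UriSchemeHandler is hypothetical, and the script assumes the standard Windows scheme registration under Software\Classes.

```powershell
# Added example: report which program is registered to handle a URI scheme.
# The scheme name "aim" comes from the advisory; the registry layout
# (<hive>\Software\Classes\<scheme>\shell\open\command) is standard Windows.
function Get-UriSchemeHandler {
    param(
        [Parameter(Mandatory)][string]$Scheme
    )
    $roots = @(
        'HKCU:\Software\Classes',   # per-user registration (takes precedence)
        'HKLM:\Software\Classes'    # machine-wide registration
    )
    foreach ($root in $roots) {
        $schemeKey = Join-Path $root $Scheme
        if (-not (Test-Path -LiteralPath $schemeKey)) { continue }

        # A key is treated as a URI scheme only if it has a "URL Protocol" value.
        $key = Get-Item -LiteralPath $schemeKey
        $isUrlProtocol = $key.GetValueNames() -contains 'URL Protocol'

        # The default value of shell\open\command is the command line
        # the browser launches, with the URI substituted for %1.
        $command = $null
        $commandKey = Join-Path $schemeKey 'shell\open\command'
        if (Test-Path -LiteralPath $commandKey) {
            $command = (Get-Item -LiteralPath $commandKey).GetValue('')
        }

        [pscustomobject]@{
            Scheme            = $Scheme
            RegisteredIn      = $root
            IsUrlProtocol     = $isUrlProtocol
            Command           = $command
            HandledByTrillian = [bool]($command -match 'trillian')
        }
    }
}

$handlers = @(Get-UriSchemeHandler -Scheme 'aim')
if ($handlers.Count -eq 0) {
    Write-Output 'No aim: URI handler is registered on this host.'
} else {
    $handlers | Format-List
}
```

A row with IsUrlProtocol and HandledByTrillian both true means a browser on this host will pass aim: URIs to Trillian, which is the delivery path the note describes.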
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
| --- | --- | --- | --- |
| Cerulean Studios | Affected | - | 16 Jul 2007 |
| America Online, Inc. | Not Affected | - | 16 Jul 2007 |
This issue was disclosed by Nate McFeters, Billy (BK) Rios, and Raghav "the Pope" Dube.
This document was written by Ryan Giobbi.
- CVE IDs: Unknown
- Date Public: 15 Jul 2007
- Date First Published: 16 Jul 2007
- Date Last Updated: 20 Jul 2007
- Severity Metric: 23.76
- Document Revision: 31