Advisory Details

May 21st, 2008

Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability

ZDI-08-029
ZDI-CAN-275

CVE ID CVE-2008-2407
CVSS SCORE
AFFECTED VENDORS Cerulean Studios
AFFECTED PRODUCTS Trillian
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 5958. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trillian. User interaction is required to exploit this vulnerability in that the target must open a malicious image file.

The specific flaws exists during the parsing of messages with overly long attribute values within the FONT tag. The value for any attribute is copied into a stack based buffer via sprintf() which can result in a buffer overrun and can be subsequently leveraged to execute arbitrary code under the privileges of the logged in user. Exploitation may occur over the AIM network or via direct connections.

ADDITIONAL DETAILS

Trillian v3.1.10.0 has been released to address these vulnerabilities and is available at http://www.ceruleanstudios.com/downloads/


DISCLOSURE TIMELINE
  • 2007-12-03 - Vulnerability reported to vendor
  • 2008-05-21 - Coordinated public release of advisory
CREDIT Anonymous
BACK TO ADVISORIES