Vulnerabilities

Trillian buffer overflow and DDOS vulnerability (PC1-2009-0871)

Vulnerability chart	Trillian is vulnerable to a buffer overflow.
DDOS Unknown patch availability Patch implementation unknown	Trillian is vulnerable to a buffer overflow.

Description:	If a victim is convinced to download a specially-crafted .dtd file, a remote attacker is able either to overflow a buffer and execute arbitrary code on the system using SYSTEM rights or make the application to crash.
Impact:	With the help of this vulnerability, remote attackers are able to compromise an administrator and obtain access. Also, they could execute arbitrary code or commands. This type of vulnerability could cause denial of service as well.
References:	http://archives.neohapsis.com/archives/bugtraq/2008-04/0138.html. http://www.ceruleanstudios.com/.

Products:	Trillian Risk level Low Medium High Extreme Severe Warning: security vulnerability level = severe 9 vulnerabilities(-y) found between 19 June, 2007 and 3 April, 2009. Trillian refers to a proprietary multiprotocol instant messaging application... more See also: Trillian Instant Messenger
Publisher:	ISS
Operating Systems:	UNIX variants (UNIX, Linux, OSX) Windows
Impact:	Administrator Compromise Execute Arbitrary Code/Commands Denial of Service
Access:	Remote/Unauthenticated
Original Bulletin:	http://xforce.iss.net/xforce/xfdb/41782
Revision history:	April 3 2009: Corrected formatting April 3 2009: Initial Release