| CVE ID | CVE-2008-2407 | 
| CVSS SCORE | |
| AFFECTED VENDORS | Cerulean Studios | 
| AFFECTED PRODUCTS | Trillian | 
| TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 5958. For further product information on the TippingPoint IPS: http://www.tippingpoint.com | 
| VULNERABILITY DETAILS | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trillian. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaw exists during the parsing of messages with overly long attribute values within the FONT tag. The value of any attribute is copied into a stack-based buffer via sprintf(), which can result in a buffer overrun that can subsequently be leveraged to execute arbitrary code under the privileges of the logged-in user. Exploitation may occur over the AIM network or via direct connections. | 
| ADDITIONAL DETAILS | Trillian v3.1.10.0 has been released to address these vulnerabilities and is available at http://www.ceruleanstudios.com/downloads/ | 
| DISCLOSURE TIMELINE | |
| CREDIT | Anonymous |
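
The bug class described under VULNERABILITY DETAILS, as an added example that is not Trillian's code or part of the original advisory: an unbounded sprintf() of an attribute value into a fixed stack buffer, next to a bounded snprintf() version that rejects over-long values. The function names, the 64-byte buffer size and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ATTR_BUF_LEN 64  /* assumed size; the advisory does not state the real one */

/* Unsafe pattern named in the advisory: sprintf() into a fixed stack buffer
 * with no bound on the attribute value. A value of ATTR_BUF_LEN bytes or
 * more writes past `buf`. Shown for contrast; only call it with short input. */
int copy_attr_unsafe(const char *value, char *out, size_t out_len)
{
    char buf[ATTR_BUF_LEN];
    sprintf(buf, "%s", value);              /* no length check */
    if (strlen(buf) >= out_len) return -1;
    strcpy(out, buf);
    return 0;
}

/* Bounded version: snprintf() never writes more than sizeof buf bytes and
 * returns the length it needed, so truncation is detectable. An over-long
 * value is rejected instead of being silently cut. */
int copy_attr_checked(const char *value, char *out, size_t out_len)
{
    char buf[ATTR_BUF_LEN];
    int needed = snprintf(buf, sizeof buf, "%s", value);
    if (needed < 0 || (size_t)needed >= sizeof buf) return -1;  /* too long */
    if ((size_t)needed >= out_len) return -1;
    memcpy(out, buf, (size_t)needed + 1);   /* copy including the terminator */
    return 0;
}

int main(void)
{
    char out[ATTR_BUF_LEN];
    char long_value[512];                   /* constructed over-long attribute value */
    memset(long_value, 'A', sizeof long_value - 1);
    long_value[sizeof long_value - 1] = '\0';

    printf("short value: %d\n", copy_attr_checked("Arial", out, sizeof out));
    printf("long value:  %d\n", copy_attr_checked(long_value, out, sizeof out));
    return 0;
}
```

Rejecting the over-long value, rather than truncating it, keeps the parser from acting on a partial attribute.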