
CVE-2002-1486

Published: 02/04/2003 Updated: 05/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 775
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allow remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.

Vulnerable Product

cerulean studios trillian 0.725

cerulean studios trillian 0.73

cerulean studios trillian 0.74

Exploits

source: www.securityfocus.com/bid/5755/info Trillian is an instant messaging client that supports a number of protocols (including IRC, ICQ, MSN). It is available for Microsoft Windows systems. A buffer overflow has been discovered in Trillian versions 0.73 and 0.74. When processing a PRIVMSG command with an overly large sender name, a buffer ...
source: www.securityfocus.com/bid/5733/info Trillian ships with an ident server to facilitate connections to IRC servers that require an ident response before allowing access. A buffer overflow condition exists in the Trillian ident server, which may potentially be exploited to cause a denial of service or execute arbitrary code. When the ...
source: www.securityfocus.com/bid/5769/info Trillian is an instant messaging client that supports a number of protocols (including IRC, ICQ, MSN). It is available for Microsoft Windows systems. It has been reported that Trillian does not perform adequate bounds checking when receiving IRC raw user mode messages. When a Trillian client rec ...
source: www.securityfocus.com/bid/5777/info A vulnerability has been reported for Trillian. Reportedly, Trillian is prone to a buffer overflow condition when it receives blocks of data that are larger than 4095 bytes. A malicious server may exploit this condition to cause a denial of service in the client. This may also potentially be exp ...
source: www.securityfocus.com/bid/5765/info The Trillian IRC module does not sufficiently check bounds on JOIN commands. A malicious IRC server may potentially exploit this condition to cause a denial of service or execute arbitrary code with the privileges of the client. This issue was reported for Trillian versions 0.73 and 0.74. Earlier ...