Description
Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.
Product(s):
- Cerulean Studios Trillian 0.71
- Cerulean Studios Trillian 0.725
- Cerulean Studios Trillian 0.73
- Cerulean Studios Trillian 0.74
- Cerulean Studios Trillian 0.74b
- Cerulean Studios Trillian 0.74c
- Cerulean Studios Trillian 0.74d
- Cerulean Studios Trillian 0.74e
- Cerulean Studios Trillian 0.74f
- Cerulean Studios Trillian 0.74g
- Cerulean Studios Trillian Pro 1.0
- Cerulean Studios Trillian Pro 2.01
- Cerulean Studios Trillian Pro 2.0
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2370, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2370 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.