Secunia Advisory: SA26086
Release Date: 2007-07-17
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Trillian Basic 3.x
Trillian Pro 3.x
Description:
Two vulnerabilities have been discovered in Trillian, which can be exploited by malicious people to compromise a user's system.
1) The aim:// URI handler does not verify certain parts of the "aim://" URI before writing it into a file specified via the unverified "ini=" parameter. This can be exploited to e.g. write a batch file into the Windows "Startup" folder that starts an attacker-defined application by tricking a user into following a specially crafted "aim://" URI.
2) A boundary error within the processing of "aim://" URIs exists in the aim.dll plugin. This can be exploited to cause a buffer overflow by e.g. tricking a user into following a specially crafted "aim://" URI.
Successful exploitation allows the execution of arbitrary code.
The vulnerabilities are confirmed in Trillian Basic 3.1.6.0. Other versions may also be affected.
Solution:
Do not browse untrusted sites.
Disable the "aim://" URI handler.
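One way to carry out the second workaround on a Windows host, as an added example that is not part of the Secunia advisory. It assumes the handler is registered the standard Windows way, as an `aim` key with a `URL Protocol` value under `Software\Classes`; the function names and backup file names are hypothetical.

```powershell
# Added example (not from the advisory): audit and disable an "aim" URI handler.
# Assumption: the handler is registered under Software\Classes\aim (machine or user hive).

function Get-AimUriHandler {
    foreach ($root in 'HKLM:\Software\Classes', 'HKCU:\Software\Classes') {
        $key = Join-Path $root 'aim'
        if (-not (Test-Path -LiteralPath $key)) { continue }

        # The command that Windows launches when an aim: link is followed.
        $cmdKey = Join-Path $key 'shell\open\command'
        $command = $null
        if (Test-Path -LiteralPath $cmdKey) {
            $command = (Get-Item -LiteralPath $cmdKey).GetValue('')
        }

        [pscustomobject]@{
            Key           = $key
            IsUrlProtocol = (Get-Item -LiteralPath $key).GetValueNames() -contains 'URL Protocol'
            Command       = $command
        }
    }
}

function Disable-AimUriHandler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$BackupDir = $env:TEMP)

    foreach ($handler in Get-AimUriHandler) {
        # reg.exe expects HKLM\... or HKCU\... rather than the PowerShell drive form.
        $regPath = $handler.Key -replace '^(HKLM|HKCU):', '$1'
        $backup  = Join-Path $BackupDir ('aim-handler-{0}.reg' -f $regPath.Substring(0, 4))

        if ($PSCmdlet.ShouldProcess($handler.Key, "export to $backup and remove")) {
            & reg.exe export $regPath $backup /y | Out-Null
            if ($LASTEXITCODE -ne 0) {
                throw "Backup of $regPath failed; key left in place."
            }
            Remove-Item -LiteralPath $handler.Key -Recurse
        }
    }
}

Get-AimUriHandler | Format-List      # audit only: shows which program handles aim: links
Disable-AimUriHandler -WhatIf        # preview; drop -WhatIf in an elevated shell to apply
```

Removing the machine-wide key requires an elevated shell, and the client may register the handler again when it is started or reinstalled, so re-run the audit afterwards. The exported `.reg` file restores the handler with `reg import`.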
Secunia Bulletin