23528 : Trillian AIM Plugin Null Message DoS
Printer | http://osvdb.org/23528 | Email This | Edit Vulnerability

Views This Week

Views All Time

827

Info

Last Modified

10 months ago

Percent Complete

100%

Disclosure

Feb 28, 2006

Discovery

Sep 26, 2005

Dates

Exploit

Feb 28, 2006

Solution

Unknown

Keywords

No Keywords

Description

Trillian contains a flaw that may allow a remote denial of service. The issue is triggered when a blank AOL AIM message is received, and will result in loss of availability for the software.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Technical

It is not necessary for the victim to accept or interact with the message to kill the client software. The client will display the message "Trillian has encountered an error and must close." A log of the crash will be created in the Trillian "Crash Files" directory.

Solution

Upgrade to Trillian AOL plugin version 3.1.0.126 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cerulean Studios	Trillian Pro	3.1.0.121
Cerulean Studios	Trillian Basic	3.1.0.121

References

Vendor URL: http://www.ceruleanstudios.com/
Other Advisory URL: http://www.cirt.net/advisories/trillian_blankdos.shtml

Credit

Sullo - sullocirt.net - cirt.net

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

Anonymous - 2008/08/20 01:21:56

Cerulean's website is http://www.ceruleanstudios.com/

(not cerulian, as spelled above)

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Technical

Solution

Products

Cerulean Studios

Trillian Pro

Trillian Basic

References

Credit

Blogs

Comments