<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2418" target="_blank">CVE</a>)</em> : Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding.

Upgrade to version 3.1.5.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Unknown or Incomplete

• CVE ID: 2007-2418 (see also: NVD)
• Bugtraq ID: 23781
• Secunia Advisory ID: 25086
• ISS X-Force ID: 34059
• Related OSVDB ID: 35721 35722
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0001.html
• Vendor Specific News/Changelog Entry: http://blog.ceruleanstudios.com/?p=131
• Other Advisory URL: http://dvlabs.tippingpoint.com/advisory/TPTI-07-06

• Pedram Amini - TippingPoint DVLabs