Trillian 3.1 basic nick crash

2008.05.03
Risk: Low
Local: Yes
Remote: Yes
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

I found a flaw in the trillian 3.1 for Windows. It is that on receipt of a nickname too long with some characters, this leads to break the program, the failure of the curious is that when the abri with ollydbg tries to read the argument of the message such as whether to wear the nickname long special characters and message write many letters "A" is the result Access violation when reading [41414141] The test is made using an account of MSN Messenger and I got a nick there till the limit of characters to the next character "?" (without the quotes) and send a message to another account that had msn in trillian. Anyway, is wrong with many more characters that is only one example ... Greetings! Juan Pablo Lopez Yacubian


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top