Vulnerability Description
Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cerulean Studios | Trillian Pro | <= 3.1.5.0 |
References
- http://blog.ceruleanstudios.com/?p=131Patch
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522Vendor Advisory
- http://osvdb.org/35721
- http://secunia.com/advisories/25086PatchVendor Advisory
- http://www.securityfocus.com/bid/23730Patch
- http://www.securitytracker.com/id?1017982Patch
- http://www.vupen.com/english/advisories/2007/1596
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33985
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33986
- http://blog.ceruleanstudios.com/?p=131Patch
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522Vendor Advisory
- http://osvdb.org/35721
- http://secunia.com/advisories/25086PatchVendor Advisory
- http://www.securityfocus.com/bid/23730Patch
- http://www.securitytracker.com/id?1017982Patch
FAQ
What is CVE-2007-2478?
CVE-2007-2478 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL wit...
How severe is CVE-2007-2478?
CVE-2007-2478 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2478?
Check the references section above for vendor advisories and patch information. Affected products include: Cerulean Studios Trillian Pro.