VID 23062
Severity 40
Port 139,445
Protocol TCP
Class P2P
Detailed Description The Trillian program, according to its version number, has buffer overflow vulnerabilities. Trillian is a peer-to-peer (P2P) file sharing program for the Microsoft Windows operating system, used to share audio, video, and other media files. The following two buffer overflow vulnerabilities in the AOL Instant Messenger (AIM) portion of Trillian could allow an attacker to execute code on the host running the affected version of Trillian:

1. AIM/Oscar DirectIM Integer Overflow
2. Yahoo Packet Parser Overflow

* References:
http://security.e-matters.de/advisories/022004.html

* Platforms Affected:
Microsoft Windows Any version
Trillian 0.71-0.74 w/ Patch F
Trillian Pro 1.0, 2.0, 2.01
Recommendation If P2P file sharing is not allowed at your organization, uninstall the Trillian program.

-- OR --

Upgrade to the latest version of Trillian (0.74 Patch G or later), available from the Trillian homepage at http://www.trillian.cc.