| VID |
23087 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
P2P |
| Detailed Description |
The Trillian program, according to its version number, has a buffer overflow vulnerability in the MSN portion of Trillian. Trillian is a peer-to-peer (P2P) file sharing program for Microsoft Windows operating system used to share audio, video, and other media files. A buffer overflow vulnerability in the basic Trillian edition occours in the MSN module when receiving a string of around 4096 bytes ended with a newline character from an MSN messenger server. This vulnerability could allow a remote attacker to execute code on the host running the affected Trillian.
* References:
http://www.securiteam.com/windowsntfocus/5UP012AE0Y.html
* Platforms Affected:
Microsoft Windows Any version
Cerulean Studios, Trillian 0.71-0.74 w/ Patch I and earlier |
| Recommendation |
If P2P file sharing is not allowed at your organization, uninstall the Trillian program.
-- OR --
Upgrade to the latest version of Trillian (0.74 Patch J or later), available from the Trillian homepage at http://www.trillian.cc . |
| Related URL |
CVE-2004-1666 (CVE) |
| Related URL |
11142 (SecurityFocus) |
| Related URL |
17292 (ISS) |
|
