Description
BUGTRAQ ID: 29330
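Trillian is a chat program that uses a common interface with multiple instant messaging programs, including AIM, ICQ, Yahoo! Messenger, MSN Messenger and IRC.
The code in Trillian that parses MSN protocol headers contains a stack overflow vulnerability: when processing the X-MMS-IM-FORMAT header, the vulnerable code copies certain attributes directly into a stack buffer without checking their length. When Trillian parses a message whose FONT tag carries an overly long attribute value, the sprintf() function copies the attribute value directly into a stack buffer. Trillian's talk.dll does not correctly handle malformed attributes in IMG tags when parsing XML, which may lead to writing past the end of the allocated heap block.
If a user is tricked into accepting a malicious message or opening a malicious image file, these overflows can be triggered, leading to arbitrary code execution.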
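The missing length check described above, shown as a bounded attribute copy. This is an added example, not Trillian's code: the `K1=V1; K2=V2` header layout, the function name `extract_attr` and the result codes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result codes for attribute extraction (hypothetical names). */
enum { ATTR_OK = 0, ATTR_MISSING = -1, ATTR_TOO_LONG = -2 };

/*
 * Copy the value of `key` from a "K1=V1; K2=V2" header value into `out`.
 * The unsafe pattern the advisory describes is an unbounded copy (for
 * example sprintf with %s) into a fixed-size stack buffer. Here the length
 * is checked first and an oversized value is rejected, not truncated.
 */
int extract_attr(const char *hdr, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    const char *p = hdr;
    if (outsz == 0)
        return ATTR_TOO_LONG;
    out[0] = '\0';

    while (*p) {
        while (*p == ' ' || *p == ';')      /* skip separators */
            p++;
        const char *end = strchr(p, ';');   /* end of this key=value pair */
        if (!end)
            end = p + strlen(p);
        if ((size_t)(end - p) > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *val = p + klen + 1;
            size_t vlen = (size_t)(end - val);
            if (vlen >= outsz)              /* no room for value plus NUL */
                return ATTR_TOO_LONG;
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return ATTR_OK;
        }
        p = end;
    }
    return ATTR_MISSING;
}

int main(void)
{
    /* Constructed sample header value, not captured traffic. */
    const char *hdr = "FN=Arial; EF=I; CO=0; CS=0; PF=22";
    char font[32];
    int rc = extract_attr(hdr, "FN", font, sizeof font);
    printf("rc=%d font=%s\n", rc, font);
    return 0;
}
```

Rejecting the oversized value, instead of silently truncating it, also gives the caller a signal that can be logged as a malformed message.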
Cerulean Studios Trillian < 3.1.10.0
Cerulean Studios
----------------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:
http://www.ceruleanstudios.com/downloads/
Title: Trillian Multiple Remote Overflow Vulnerabilities
ID: SSV:3324
Type: seebug
Reporter: Root
Published: 2008-05-23
Modified: 2008-05-23
Source: https://www.seebug.org/vuldb/ssvid-3324