| ID |
CVE-2007-3305
|
| Summary |
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 9.3 (as of 29-07-2017 - 01:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 24523 | | cert-vn | VU#187033 | | confirm | http://blog.ceruleanstudios.com/?p=150 | | idefense | 20070618 Cerulean Studios Trillian UTF-8 Word Wrap Heap Overflow Vulnerability | | osvdb | 37446 | | sectrack | 1018265 | | secunia | 25736 | | vupen | ADV-2007-2246 | | xf | trillian-utf8-bo(34918) |
|
| Last major update |
29-07-2017 - 01:32 |
| Published |
21-06-2007 - 01:30 |
| Last modified |
29-07-2017 - 01:32 |
