Vulnerabilities > CVE-2002-1486 - Buffer Overflow vulnerability in Cerulean Studios Trillian 0.725/0.73/0.74
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
description Trillian 0.6351/0.7x Identd Buffer Overflow Vulnerability. CVE-2002-1486. Remote exploit for windows platform id EDB-ID:21804 last seen 2016-02-02 modified 2002-09-18 published 2002-09-18 reporter Lance Fitz-Herbert source https://www.exploit-db.com/download/21804/ title Trillian 0.6351/0.7x Identd Buffer Overflow Vulnerability description Trillian 0.73/0.74 IRC JOIN Buffer Overflow Vulnerability. CVE-2002-1486. Dos exploit for windows platform id EDB-ID:21813 last seen 2016-02-02 modified 2002-09-20 published 2002-09-20 reporter Lance Fitz-Herbert source https://www.exploit-db.com/download/21813/ title Trillian 0.73/0.74 IRC JOIN Buffer Overflow Vulnerability description Trillian 0.725/0.73/0.74 IRC User Mode Numeric Remote Buffer Overflow Vulnerability. CVE-2002-1486. Dos exploit for windows platform id EDB-ID:21816 last seen 2016-02-02 modified 2002-09-21 published 2002-09-21 reporter Lance Fitz-Herbert source https://www.exploit-db.com/download/21816/ title Trillian 0.725/0.73/0.74 IRC User Mode Numeric Remote Buffer Overflow Vulnerability description Trillian 0.73/0.74 IRC PRIVMSG Buffer Overflow Vulnerability. CVE-2002-1486. Remote exploit for windows platform id EDB-ID:21810 last seen 2016-02-02 modified 2002-09-19 published 2002-09-19 reporter Lance Fitz-Herbert source https://www.exploit-db.com/download/21810/ title Trillian 0.73/0.74 - IRC PRIVMSG Buffer Overflow Vulnerability description Trillian 0.74 IRC Oversized Data Block Buffer Overflow Vulnerability. CVE-2002-1486. Dos exploit for windows platform id EDB-ID:21823 last seen 2016-02-02 modified 2002-09-22 published 2002-09-22 reporter Lance Fitz-Herbert source https://www.exploit-db.com/download/21823/ title Trillian 0.74 IRC Oversized Data Block Buffer Overflow Vulnerability
References
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0258.html
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0266.html
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html
- http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0139.html
- http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0140.html
- http://www.iss.net/security_center/static/10150.php
- http://www.iss.net/security_center/static/10151.php
- http://www.iss.net/security_center/static/10163.php
- http://www.securityfocus.com/bid/5765
- http://www.securityfocus.com/bid/5769
- http://www.securityfocus.com/bid/5777