Vulnerabilities > CVE-2007-3833 - Unspecified vulnerability in Cerulean Studios Trillian 3.1.6.0

047910
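CVSS 0.0 - NONE (read this as unscored rather than as zero impact: every vector field below is UNKNOWN, while the Nessus plugin on this page rates the issue CVSS2 AV:N/AC:L/Au:N/C:P/I:P/A:P)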
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Vulnerable Configurations

Part Description Count
Application
Cerulean_Studios
1

Nessus

NASL family: Windows
NASL id: TRILLIAN_3_1_7_0.NASL
description: The version of Trillian installed on the remote host contains a buffer overflow in its AIM protocol URI handler in […]
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 25757
published: 2007-07-23
reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/25757
title: Trillian aim:// URI Handler Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#



include("compat.inc");

if (description)
{
  # Registration pass: when `description` is set the script only declares
  # its metadata and leaves through the exit(0) at the end of this block;
  # the version check below the block is not reached in this pass.

  # --- Identity -----------------------------------------------------------
  script_id(25757);
  script_version("1.17");

  # --- Cross-references ---------------------------------------------------
  # One plugin covers two CVEs, so a single finding stands for both issues.
  script_cve_id("CVE-2007-3832", "CVE-2007-3833");
  script_bugtraq_id(24927);
  script_xref(name:"CERT", value:"786920");

  # --- Human-readable text ------------------------------------------------
  script_name(english:"Trillian aim:// URI Handler Vulnerabilities");
  script_summary(english:"Checks version number of Trillian");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host contains an instant messaging application that is
affected by two vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of Trillian installed on the remote host contains a buffer
overflow in its AIM protocol URI handler in 'aim.dll' and also allows
creation of arbitrary files with arbitrary content using specially-
crafted 'aim://'' URIs.  A remote attacker may be able to leverage
these issues to execute arbitrary code as the current user."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f055f2d5"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://seclists.org/fulldisclosure/2007/Jul/297"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://web.archive.org/web/20160531035922/http://blog.trillian.im/?p=170"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to Trillian 3.1.7.0 or later."
  );

  # --- Risk rating --------------------------------------------------------
  # CVSS2 base vector: network-reachable, low complexity, no authentication,
  # partial impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  # Temporal vector: proof-of-concept exploit, official fix, confirmed report.
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(
    attribute:"exploitability_ease",
    value:"Exploits are available"
  );
  script_set_attribute(
    attribute:"exploit_available",
    value:"true"
  );
  # CWE-119 (memory-buffer bounds) describes the buffer overflow only; the
  # arbitrary file creation issue carries no CWE of its own in this plugin.
  script_cwe_id(119);

  # --- Dates and classification -------------------------------------------
  script_set_attribute(
    attribute:"plugin_publication_date",
    value: "2007/07/23"
  );
  script_set_attribute(
    attribute:"vuln_publication_date",
    value: "2007/07/18"
  );
  script_cvs_date("Date: 2018/11/15 20:50:29");
  script_set_attribute(
    attribute:"plugin_type",
    value:"local"
  );
  script_set_attribute(
    attribute:"cpe",
    value:"cpe:/a:trillian:trillian"
  );
  script_end_attributes();

  # --- Scheduling ---------------------------------------------------------
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");

  # The check reads a KB value, so the detection plugin named here is
  # declared as a dependency and its KB key is required before this
  # plugin is run.
  script_dependencies("trillian_installed.nasl");
  script_require_keys("SMB/Trillian/Version");

  exit(0);
}


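# Version-only check. The installed Trillian version is read from the KB
# (the key is required by the registration block, which also names
# trillian_installed.nasl as a dependency); nothing in this script probes
# the aim: handler itself. A match therefore means "version older than the
# fixed release", not "handler confirmed reachable".
# NOTE(review): assumes the KB value is a dotted version string such as
# "3.1.6.0" -- confirm against trillian_installed.nasl.
ver = get_kb_item("SMB/Trillian/Version");

# The pattern is anchored at the start and each alternative ends in a
# literal dot, so it matches major versions 0-2, any 3.0.x, and 3.1.0.x
# through 3.1.6.x, while 3.1.7.x, 3.1.10.x or a two-digit major such as
# 10.x do not match. 3.1.7.0 is the fixed release named in the solution.
if (ver && ver =~ "^([0-2]\.|3\.(0\.|1\.[0-6]\.))")
{
  # Report on the SMB transport port recorded in the KB. If that item is
  # missing, fall back to 445 rather than passing an empty port to
  # security_hole(), so the finding is still attached to the SMB service.
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  security_hole(port);
}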