{"vuid":"VU#187033","idnumber":"187033","name":"Cerulean Studios Trillian Instant Messenger fails to properly handle \"UTF-8\" sequences","keywords":["Cerulean Studios","Trillian Instant Messenger","buffer overflow","heap overflow","UTF-8 sequences"],"overview":"A vulnerability in Cerulean Studios Trillian Instant Messenger client may lead to execution of arbitrary code.","clean_desc":"Cerulean Studios Trillian Instant Messenger client fails to properly handle specially crafted UTF-8 text. A heap overflow may occur when Trillian receives a message with malformed UTF-8 strings.","impact":"A remote, authenticated attacker may be able to execute arbitrary code with the privileges of the user or cause a denial-of-service condition by sending the client a message.","resolution":"Update Cerulean Studios has released an update to address this issue. See the Cerulean Studios Blog for more information.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported in iDefense Public Advisory \n6.18.07 iDefense credits www.BlurredLogic.com with reporting this issue.","author":"This document was written by Chris Taschner.","public":["http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545","http://secunia.com/advisories/25736/","http://blog.ceruleanstudios.com/?p=150"],"cveids":["CVE-2007-2478"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-06-19T12:04:16Z","publicdate":"2007-06-18T00:00:00Z","datefirstpublished":"2007-06-20T19:54:34Z","dateupdated":"2007-06-29T16:18:07Z","revision":11,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"18","cam_easeofexploitation":"5","cam_attackeraccessrequired":"20","cam_scorecurrent":"6.075","cam_scorecurrentwidelyknown":"7.7625","cam_scorecurrentwidelyknownexploited":"14.5125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.075,"vulnote":null}