Vulnerability Details CVE-2004-2304
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://lists.seifried.org/pipermail/security/2004-February/001869.html
- http://secunia.com/advisories/10973
- http://security.e-matters.de/advisories/022004.html
- http://securitytracker.com/id?1009220
- http://www.osvdb.org/4056
- http://www.securityfocus.com/bid/9489
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15303
- http://lists.seifried.org/pipermail/security/2004-February/001869.html
- http://secunia.com/advisories/10973
- http://security.e-matters.de/advisories/022004.html
- http://securitytracker.com/id?1009220
- http://www.osvdb.org/4056
- http://www.securityfocus.com/bid/9489
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15303
Products affected by CVE-2004-2304
-
cpe:2.3:a:cerulean_studios:trillian:0.71
-
cpe:2.3:a:cerulean_studios:trillian:0.725
-
cpe:2.3:a:cerulean_studios:trillian:0.73
-
cpe:2.3:a:cerulean_studios:trillian:0.74
-
cpe:2.3:a:cerulean_studios:trillian_pro:1.0
-
cpe:2.3:a:cerulean_studios:trillian_pro:2.0
-
cpe:2.3:a:cerulean_studios:trillian_pro:2.01