CVSS: 9.3 • EPSS: 12% • CPEs: 1 • EXPL: 1

Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring.

https://www.exploit-db.com/exploits/30315
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0356.html
http://secunia.com/advisories/26086
http://www.kb.cert.org/vuls/id/786920
http://www.securityfocus.com/bid/24927
http://www.vupen.com/english/advisories/2007/2546
http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/35447

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 • EPSS: 1% • CPEs: 1 • EXPL: 1

The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder.

http://secunia.com/advisories/26086
http://www.securityfocus.com/bid/24927
http://www.vupen.com/english/advisories/2007/2546
http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/35449