CVE-2007-2479

Severity Score

5.9

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.

Cerulean Studios Trillian Pro anterior a 3.1.5.1 permite a atacantes remotos obtener informacion potencialmente sensible a través de mensajes CTCP PING largo que contienen caracteres UTF-8, lo cual genera una respuesta malformada que no está truncado por una nueva linea, lo cual puede provovcar que porciones de una mensaje de servidor sean enviados a el atacante.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-05-02 CVE Reserved
2007-05-03 CVE Published
2024-08-07 CVE Updated
2024-11-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (8)

URL	Tag	Source
http://blog.ceruleanstudios.com/?p=131	Broken Link
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522	Broken Link
http://osvdb.org/35722	Broken Link
http://secunia.com/advisories/25086	Third Party Advisory
http://www.securityfocus.com/bid/23730	Third Party Advisory
http://www.securitytracker.com/id?1017982	Third Party Advisory
http://www.vupen.com/english/advisories/2007/1596	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/33983	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cerulean Studios Search vendor "Cerulean Studios"		Trillian Search vendor "Cerulean Studios" for product "Trillian"				3.1 Search vendor "Cerulean Studios" for product "Trillian" and version "3.1"		basic		Affected
Cerulean Studios Search vendor "Cerulean Studios"		Trillian Search vendor "Cerulean Studios" for product "Trillian"				3.1 Search vendor "Cerulean Studios" for product "Trillian" and version "3.1"		pro		Affected