Bugtraq mailing list archives
See-security advisory: Trillian Basic 3.0 PNG Processing Buffer overflow
From: tal zeltzer <tal () see-security com>
Date: 6 Mar 2005 00:17:47 -0000
##################################################################
#                                                                #
#                 See-security Technologies ltd.                 #
#                                                                #
#                  http://www.see-security.com                   #
#                                                                #
##################################################################

[-] Product Information

Trillian is a fully featured, stand-alone, skinnable chat client that supports AIM, ICQ, MSN, Yahoo Messenger, and IRC.

[-] Vulnerability Description

Trillian contains a buffer overflow vulnerability in the way it parses PNG images.

[-] Exploit

Proof of concept exploit code is available at http://www.hackingdefined.com/exploits/trillian3.tar.gz

[-] Exploitation Analysis

When triggering this vulnerability, the return address is overwritten and the ESP register points to user-controlled data. By crafting a malformed structure, it's possible to execute arbitrary code.

The structure is as follows:

[Malformed PNG Header][shellcode][New return address][get back shellcode]

[-] Credits

The vulnerability was discovered and exploited by Tal zeltzer