Vulnerability Details : CVE-2007-2478
Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string.
Vulnerability category: Execute code
Products affected by CVE-2007-2478
- cpe:2.3:a:cerulean_studios:trillian_pro:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-2478
- EPSS score: 17.30% (probability of exploitation activity in the next 30 days)
- Percentile: ~96% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-2478
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
References for CVE-2007-2478
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33986
- http://blog.ceruleanstudios.com/?p=131 (Patch)
- http://www.vupen.com/english/advisories/2007/1596
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33985
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522 (Vendor Advisory)
- http://www.securitytracker.com/id?1017982 (Patch)
- http://www.securityfocus.com/bid/23730 (Patch)