CVE-2002-2366

Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.

Published: Dec 31, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-2366
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
cerulean_studios / trillian	0.6351	0.6351.x
cerulean_studios / trillian	0.73	0.73.x
cerulean_studios / trillian	0.725	0.725.x

http://archives.neohapsis.com/archives/bugtraq/2002-08/0334.html
http://www.iss.net/security_center/static/9999.php
http://www.securityfocus.com/bid/5601

Vulnerability Database

289,871

CVE-2002-2366