7.1

CVE-2007-2479

Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cerulean StudiosTrillian Version3.1 SwEditionbasic
Cerulean StudiosTrillian Version3.1 SwEditionpro
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.54% 0.829
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:C/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://blog.ceruleanstudios.com/?p=131
Broken Link
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522
Broken Link
http://secunia.com/advisories/25086
Third Party Advisory
http://www.securityfocus.com/bid/23730
Third Party Advisory
http://www.securitytracker.com/id?1017982
Third Party Advisory
http://www.vupen.com/english/advisories/2007/1596
Broken Link
http://osvdb.org/35722
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/33983