[原文]Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
A local overflow exists in Trillian. Trillian fails to validate the length of the "color file" variable in the trillian.xml skin file resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.