3 results (0.004 seconds)

CVSS: 10.0EPSS: 70%CPEs: 55EXPL: 0

Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. Desbordamiento de búfer basado en montículo en el analizador XML en el plugin AIM en Trillian versiones anteriores a 3.1.12.0, que permite a los atacantes remotos ejecutar arbitrariamente código a través de etiquetas XML mal formadas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. When parsing a malformed XML tag, the application does not allocate enough space for it's contents. • http://blog.ceruleanstudios.com/?p=404 http://osvdb.org/50474 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4702 http://www.securityfocus.com/archive/1/498936/100/0/threaded http://www.securityfocus.com/bid/32645 http://www.securitytracker.com/id?1021336 http://www.vupen.com/english/advisories/2008/3348 http://www.zerodayinitiative.com/advisories/ZDI-08-079 https://exchange.xforce.ibmcloud.com/vulnerabilities/47100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 71%CPEs: 55EXPL: 0

Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." Desbordamiento de búfer basado en pila en la implementación del tooltip en Trillian anterior a 3.1.12.0, permite a atacantes remotos ejecutar código de su elección a través de un archivo de imagen con un nombre largo. Relacionado con "AIM IMG Tag Parsing." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tooltip processing code for Trillian. • http://blog.ceruleanstudios.com/?p=404 http://osvdb.org/50472 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4700 http://www.securityfocus.com/archive/1/498932/100/0/threaded http://www.securityfocus.com/bid/32645 http://www.securitytracker.com/id?1021335 http://www.vupen.com/english/advisories/2008/3348 http://www.zerodayinitiative.com/advisories/ZDI-08-077 https://exchange.xforce.ibmcloud.com/vulnerabilities/47093 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 25%CPEs: 55EXPL: 0

Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." Vulnerabilidad de doble liberación en el validador en Trillian anterior a v3.1.12.0, permite a atacantes remotos ejecutar código de su elección a través de una expresión XML manipulada. Relacionado con el "IMG SRC ID". This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. • http://blog.ceruleanstudios.com/?p=404 http://osvdb.org/50473 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4701 http://www.securityfocus.com/archive/1/498933/100/0/threaded http://www.securityfocus.com/bid/32645 http://www.securitytracker.com/id?1021334 http://www.vupen.com/english/advisories/2008/3348 http://www.zerodayinitiative.com/advisories/ZDI-08-078 https://exchange.xforce.ibmcloud.com/vulnerabilities/47098 • CWE-399: Resource Management Errors •