CVSS: 10.0EPSS: 70%CPEs: 55EXPL: 0CVE-2008-5403 – Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-5403
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. Desbordamiento de búfer basado en montículo en el analizador XML en el plugin AIM en Trillian versiones anteriores a 3.1.12.0, que permite a los atacantes remotos ejecutar arbitrariamente código a través de etiquetas XML mal formadas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. When parsing a malformed XML tag, the application does not allocate enough space for it's contents. • http://blog.ceruleanstudios.com/?p=404 http://osvdb.org/50474 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4702 http://www.securityfocus.com/archive/1/498936/100/0/threaded http://www.securityfocus.com/bid/32645 http://www.securitytracker.com/id?1021336 http://www.vupen.com/english/advisories/2008/3348 http://www.zerodayinitiative.com/advisories/ZDI-08-079 https://exchange.xforce.ibmcloud.com/vulnerabilities/47100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 71%CPEs: 55EXPL: 0CVE-2008-5401 – Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-5401
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." Desbordamiento de búfer basado en pila en la implementación del tooltip en Trillian anterior a 3.1.12.0, permite a atacantes remotos ejecutar código de su elección a través de un archivo de imagen con un nombre largo. Relacionado con "AIM IMG Tag Parsing." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tooltip processing code for Trillian. • http://blog.ceruleanstudios.com/?p=404 http://osvdb.org/50472 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4700 http://www.securityfocus.com/archive/1/498932/100/0/threaded http://www.securityfocus.com/bid/32645 http://www.securitytracker.com/id?1021335 http://www.vupen.com/english/advisories/2008/3348 http://www.zerodayinitiative.com/advisories/ZDI-08-077 https://exchange.xforce.ibmcloud.com/vulnerabilities/47093 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 25%CPEs: 55EXPL: 0CVE-2008-5402 – Trillian IMG SRC ID Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-5402
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." Vulnerabilidad de doble liberación en el validador en Trillian anterior a v3.1.12.0, permite a atacantes remotos ejecutar código de su elección a través de una expresión XML manipulada. Relacionado con el "IMG SRC ID". This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. • http://blog.ceruleanstudios.com/?p=404 http://osvdb.org/50473 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4701 http://www.securityfocus.com/archive/1/498933/100/0/threaded http://www.securityfocus.com/bid/32645 http://www.securitytracker.com/id?1021334 http://www.vupen.com/english/advisories/2008/3348 http://www.zerodayinitiative.com/advisories/ZDI-08-078 https://exchange.xforce.ibmcloud.com/vulnerabilities/47098 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 14%CPEs: 1EXPL: 0CVE-2007-2478
https://notcve.org/view.php?id=CVE-2007-2478
Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string. Múltiples desbordamientos de búfer basado en pila en el componente IRC en Cerulean Studios Trillian Pro anterior a 3.1.5.1 permite a atacantes remotos corromper la memoria y posiblemente ejecutar código de su eleccióna través de (1) una URL con un cadena larga UTF-8, lo cual dispara un desbordamiento cuando el usuario lo marca, o (2) un etiqueta fuente HTML con un atributo face contiene una cadena UTF-8 larga. • http://blog.ceruleanstudios.com/?p=131 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522 http://osvdb.org/35721 http://secunia.com/advisories/25086 http://www.securityfocus.com/bid/23730 http://www.securitytracker.com/id?1017982 http://www.vupen.com/english/advisories/2007/1596 https://exchange.xforce.ibmcloud.com/vulnerabilities/33985 https://exchange.xforce.ibmcloud.com/vulnerabilities/33986 •
CVSS: 10.0EPSS: 11%CPEs: 2EXPL: 0CVE-2007-2418
https://notcve.org/view.php?id=CVE-2007-2418
Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding. Desbordamiento de búfer basado en pila en el componente Rendezvous / Extensible Messaging y Presence Protocol (XMPP) (plugins\rendezvous.dll) para Cerulean Studios Trillian Pro anterior a 3.1.5.1 permite a atacantes remotos ejecutar código de su elección a través de un mensaje que dispara el desbordamiento de búfer desde la expansión que ocurre a lo largo de la codificación. • http://blog.ceruleanstudios.com/?p=131 http://dvlabs.tippingpoint.com/advisory/TPTI-07-06 http://osvdb.org/35720 http://www.securityfocus.com/archive/1/467439/100/0/threaded http://www.securityfocus.com/bid/23781 https://exchange.xforce.ibmcloud.com/vulnerabilities/34059 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •