CVSS: 9.3EPSS: 53%CPEs: 15EXPL: 0CVE-2008-2409 – Trillian MSN MIME Header Stack-Based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-2409
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message. Desbordamiento de búfer basado en pila en Cerulean Studios Trillian Pro anteriores a 3.1.10.0, permite a atacantes remotos ejecutar código arbitrario a través de atributos no especificados en la cabecera X-MMS-IM-FORMAT en un mensaje MSN. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the header parsing code for the msn protocol. When processing the X-MMS-IM-FORMAT header, certain attributes are copied into a buffer located on the stack without any length verification which can eventually lead to code execution with the privileges of the user that is running the application. • http://archives.neohapsis.com/archives/bugtraq/2008-05/0285.html http://secunia.com/advisories/30336 http://securitytracker.com/id?1020106 http://www.securityfocus.com/bid/29330 http://www.vupen.com/english/advisories/2008/1622 http://www.zerodayinitiative.com/advisories/ZDI-08-031 https://exchange.xforce.ibmcloud.com/vulnerabilities/42576 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 6%CPEs: 2EXPL: 0CVE-2008-2008
https://notcve.org/view.php?id=CVE-2008-2008
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message. Desbordamiento de búfer en la característica del mensaje Display Names en Cerulean Studios Trillian Basic y Pro 3.1.9.0 permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elección a través de un nickname largo en un mensaje de protocolo MSN. • http://secunia.com/advisories/29952 http://securityreason.com/securityalert/3849 http://www.securityfocus.com/archive/1/491281/100/0/threaded http://www.securityfocus.com/bid/28925 http://www.vupen.com/english/advisories/2008/1368/references • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •