CVE-2008-2408 – Trillian Multiple Protocol XML Parsing Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2008-2408

Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag. Desbordamiento de búfer basado en montículo en la funcionalidad del analizador sintáctico XML en talk.dll en Cerulean Studios Trillian Pro anteriores a 3.1.10.0, permite a atacantes remotos ejecutar código arbitrario a través de un atributo mal formado en una etiqueta IMG. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within XML parsing in talk.dll. When processing certain malformed attributes within an 'IMG' tags, it is possible to overwrite past an allocated heap chunk which can eventually lead to code execution under the context of the currently user. • http://archives.neohapsis.com/archives/bugtraq/2008-05/0284.html http://secunia.com/advisories/30336 http://securitytracker.com/id?1020105 http://www.securityfocus.com/bid/29330 http://www.vupen.com/english/advisories/2008/1622 http://www.zerodayinitiative.com/advisories/ZDI-08-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/42581 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •