CVSS: 10.0EPSS: 70%CPEs: 55EXPL: 0CVE-2008-5403 – Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-5403
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. Desbordamiento de búfer basado en montículo en el analizador XML en el plugin AIM en Trillian versiones anteriores a 3.1.12.0, que permite a los atacantes remotos ejecutar arbitrariamente código a través de etiquetas XML mal formadas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. When parsing a malformed XML tag, the application does not allocate enough space for it's contents. • http://blog.ceruleanstudios.com/?p=404 http://osvdb.org/50474 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4702 http://www.securityfocus.com/archive/1/498936/100/0/threaded http://www.securityfocus.com/bid/32645 http://www.securitytracker.com/id?1021336 http://www.vupen.com/english/advisories/2008/3348 http://www.zerodayinitiative.com/advisories/ZDI-08-079 https://exchange.xforce.ibmcloud.com/vulnerabilities/47100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 71%CPEs: 55EXPL: 0CVE-2008-5401 – Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-5401
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." Desbordamiento de búfer basado en pila en la implementación del tooltip en Trillian anterior a 3.1.12.0, permite a atacantes remotos ejecutar código de su elección a través de un archivo de imagen con un nombre largo. Relacionado con "AIM IMG Tag Parsing." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tooltip processing code for Trillian. • http://blog.ceruleanstudios.com/?p=404 http://osvdb.org/50472 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4700 http://www.securityfocus.com/archive/1/498932/100/0/threaded http://www.securityfocus.com/bid/32645 http://www.securitytracker.com/id?1021335 http://www.vupen.com/english/advisories/2008/3348 http://www.zerodayinitiative.com/advisories/ZDI-08-077 https://exchange.xforce.ibmcloud.com/vulnerabilities/47093 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 25%CPEs: 55EXPL: 0CVE-2008-5402 – Trillian IMG SRC ID Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-5402
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." Vulnerabilidad de doble liberación en el validador en Trillian anterior a v3.1.12.0, permite a atacantes remotos ejecutar código de su elección a través de una expresión XML manipulada. Relacionado con el "IMG SRC ID". This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. • http://blog.ceruleanstudios.com/?p=404 http://osvdb.org/50473 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4701 http://www.securityfocus.com/archive/1/498933/100/0/threaded http://www.securityfocus.com/bid/32645 http://www.securitytracker.com/id?1021334 http://www.vupen.com/english/advisories/2008/3348 http://www.zerodayinitiative.com/advisories/ZDI-08-078 https://exchange.xforce.ibmcloud.com/vulnerabilities/47098 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 15%CPEs: 1EXPL: 0CVE-2008-2408 – Trillian Multiple Protocol XML Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-2408
Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag. Desbordamiento de búfer basado en montículo en la funcionalidad del analizador sintáctico XML en talk.dll en Cerulean Studios Trillian Pro anteriores a 3.1.10.0, permite a atacantes remotos ejecutar código arbitrario a través de un atributo mal formado en una etiqueta IMG. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within XML parsing in talk.dll. When processing certain malformed attributes within an 'IMG' tags, it is possible to overwrite past an allocated heap chunk which can eventually lead to code execution under the context of the currently user. • http://archives.neohapsis.com/archives/bugtraq/2008-05/0284.html http://secunia.com/advisories/30336 http://securitytracker.com/id?1020105 http://www.securityfocus.com/bid/29330 http://www.vupen.com/english/advisories/2008/1622 http://www.zerodayinitiative.com/advisories/ZDI-08-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/42581 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 11%CPEs: 2EXPL: 0CVE-2007-2418
https://notcve.org/view.php?id=CVE-2007-2418
Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding. Desbordamiento de búfer basado en pila en el componente Rendezvous / Extensible Messaging y Presence Protocol (XMPP) (plugins\rendezvous.dll) para Cerulean Studios Trillian Pro anterior a 3.1.5.1 permite a atacantes remotos ejecutar código de su elección a través de un mensaje que dispara el desbordamiento de búfer desde la expansión que ocurre a lo largo de la codificación. • http://blog.ceruleanstudios.com/?p=131 http://dvlabs.tippingpoint.com/advisory/TPTI-07-06 http://osvdb.org/35720 http://www.securityfocus.com/archive/1/467439/100/0/threaded http://www.securityfocus.com/bid/23781 https://exchange.xforce.ibmcloud.com/vulnerabilities/34059 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •