CVE-2008-5403

Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://blog.ceruleanstudios.com/?p=404	Vendor Advisory
http://osvdb.org/50474
http://secunia.com/advisories/33001	Vendor Advisory
http://securityreason.com/securityalert/4702
http://www.securityfocus.com/archive/1/498936/100/0/threaded
http://www.securityfocus.com/bid/32645
http://www.securitytracker.com/id?1021336
http://www.vupen.com/english/advisories/2008/3348
http://www.zerodayinitiative.com/advisories/ZDI-08-079
https://exchange.xforce.ibmcloud.com/vulnerabilities/47100
http://blog.ceruleanstudios.com/?p=404	Vendor Advisory
http://osvdb.org/50474
http://secunia.com/advisories/33001	Vendor Advisory
http://securityreason.com/securityalert/4702
http://www.securityfocus.com/archive/1/498936/100/0/threaded
http://www.securityfocus.com/bid/32645
http://www.securitytracker.com/id?1021336
http://www.vupen.com/english/advisories/2008/3348
http://www.zerodayinitiative.com/advisories/ZDI-08-079
https://exchange.xforce.ibmcloud.com/vulnerabilities/47100

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cerulean_studios:trillian:0.50:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.52:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.60:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.61:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.62:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.63:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.70:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.71:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.72:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.73:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.74:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.74c:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.74d:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.74e:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.74f:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.74g:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.74i:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.635:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.725:::::::*
	cpe:2.3:a:cerulean_studios:trillian:0.6351:::::::*
	cpe:2.3:a:cerulean_studios:trillian:1.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian:1.0::pro:::::
	cpe:2.3:a:cerulean_studios:trillian:2.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian:2.0::pro:::::
	cpe:2.3:a:cerulean_studios:trillian:2.1:::::::*
	cpe:2.3:a:cerulean_studios:trillian:3.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian:3.0::basic:::::
	cpe:2.3:a:cerulean_studios:trillian:3.0::pro:::::
	cpe:2.3:a:cerulean_studios:trillian:3.1:::::::*
	cpe:2.3:a:cerulean_studios:trillian:3.1::basic:::::
	cpe:2.3:a:cerulean_studios:trillian:3.1::pro:::::
	cpe:2.3:a:cerulean_studios:trillian:3.1.0.120:::::::*
	cpe:2.3:a:cerulean_studios:trillian:3.1.0.121:::::::*
	cpe:2.3:a:cerulean_studios:trillian:3.1.5.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian:3.1.5.1:::::::*
	cpe:2.3:a:cerulean_studios:trillian:3.1.6.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian:3.1.7.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian:3.1.8.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian:3.1.9.0::basic:::::
	cpe:2.3:a:cerulean_studios:trillian:3.1.9.0::pro:::::
	cpe:2.3:a:cerulean_studios:trillian:3.1.10.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian:3.1.11.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian_pro::::::::
	cpe:2.3:a:cerulean_studios:trillian_pro:1.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian_pro:2.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian_pro:2.01:::::::*
	cpe:2.3:a:cerulean_studios:trillian_pro:3.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian_pro:3.1.5.0:::::::*
	cpe:2.3:a:cerulean_studios:trillian_pro:3.1_build_121:::::::*
	cpe:2.3:a:ceruleanstudios:trillian::::::::
	cpe:2.3:a:ceruleanstudios:trillian:3.1.0.9:::::::*
	cpe:2.3:a:ceruleanstudios:trillian:3.1.9.0:::::::*
	cpe:2.3:a:ceruleanstudios:trillian_pro::::::::
	cpe:2.3:a:ceruleanstudios:trillian_pro:3.1.9.0:::::::*

History

21 Nov 2024, 00:54

Type	Values Removed	Values Added
References	~~() http://blog.ceruleanstudios.com/?p=404 - Vendor Advisory~~	() http://blog.ceruleanstudios.com/?p=404 - Vendor Advisory
References	~~() http://osvdb.org/50474 -~~	() http://osvdb.org/50474 -
References	~~() http://secunia.com/advisories/33001 - Vendor Advisory~~	() http://secunia.com/advisories/33001 - Vendor Advisory
References	~~() http://securityreason.com/securityalert/4702 -~~	() http://securityreason.com/securityalert/4702 -
References	~~() http://www.securityfocus.com/archive/1/498936/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/498936/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/32645 -~~	() http://www.securityfocus.com/bid/32645 -
References	~~() http://www.securitytracker.com/id?1021336 -~~	() http://www.securitytracker.com/id?1021336 -
References	~~() http://www.vupen.com/english/advisories/2008/3348 -~~	() http://www.vupen.com/english/advisories/2008/3348 -
References	~~() http://www.zerodayinitiative.com/advisories/ZDI-08-079 -~~	() http://www.zerodayinitiative.com/advisories/ZDI-08-079 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/47100 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/47100 -

Information

Published : 2008-12-10 06:44

Updated : 2024-11-21 00:54

NVD link : CVE-2008-5403

Mitre link : CVE-2008-5403

CVE.ORG link : CVE-2008-5403

JSON object : View

Products Affected

cerulean_studios

trillian
trillian_pro

ceruleanstudios

trillian_pro
trillian

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

10.0 /10