Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2407

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-2407
Last Modified 07 Mar 2011 10:09:08
Published 23 May 2008 11:32:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2407

Summary

Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message.

Vulnerable Systems

Application

  • Ceruleanstudios Trillian 3.1.9.0


References

BID - 29330

XF - trillian-aimdll-bo(42582)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-029/

VUPEN - ADV-2008-1622

BUGTRAQ - 20080521 ZDI-08-029: Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability

SECTRACK - 1020104

SECUNIA - 30336


Last Updated: 27 May 2016 10:47:51