Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2408

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-2408
Last Modified 07 Mar 2011 10:09:08
Published 23 May 2008 11:32:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2408

Summary

Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag.

Vulnerable Systems

Application

  • Ceruleanstudios Trillian Pro 3.1.9.0


References

BID - 29330

XF - trillian-talk-bo(42581)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-030/

VUPEN - ADV-2008-1622

SECTRACK - 1020105

SECUNIA - 30336

BUGTRAQ - 20080521 ZDI-08-030: Trillian Multiple Protocol XML Parsing Memory Corruption Vulnerability


Last Updated: 27 May 2016 10:47:51