Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2008-5279
Last Modified: 07 Mar 2011 10:14:17
Published: 28 Nov 2008 09:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-5279

Summary

The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allows remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors, including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third-party information.

Vulnerable Systems

Application

  • Zilab Zim Server 2.0

  • Zilab Zim Server 2.1


References

VUPEN - ADV-2008-0664

BID - 27940

SECUNIA - 29062

MISC - http://aluigi.org/poc/zilabzcsx.zip

MISC - http://aluigi.altervista.org/adv/zilabzcsx-adv.txt


Last Updated: 27 May 2016 10:48:46