Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5402

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-5402
Last Modified 07 Mar 2011 10:14:32
Published 10 Dec 2008 01:44:41
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5402

Summary

Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."

Vulnerable Systems

Application

  • Cerulean Studios Trillian 0.50

  • Cerulean Studios Trillian 0.52

  • Cerulean Studios Trillian 0.60

  • Cerulean Studios Trillian 0.61

  • Cerulean Studios Trillian 0.62

  • Cerulean Studios Trillian 0.63

  • Cerulean Studios Trillian 0.635

  • Cerulean Studios Trillian 0.6351

  • Cerulean Studios Trillian 0.70

  • Cerulean Studios Trillian 0.71

  • Cerulean Studios Trillian 0.72

  • Cerulean Studios Trillian 0.725

  • Cerulean Studios Trillian 0.73

  • Cerulean Studios Trillian 0.74

  • Cerulean Studios Trillian 0.74c

  • Cerulean Studios Trillian 0.74d

  • Cerulean Studios Trillian 0.74e

  • Cerulean Studios Trillian 0.74f

  • Cerulean Studios Trillian 0.74g

  • Cerulean Studios Trillian 0.74i

  • Cerulean Studios Trillian 1.0

  • Cerulean Studios Trillian 2.0

  • Cerulean Studios Trillian 2.1

  • Cerulean Studios Trillian 3.0

  • Cerulean Studios Trillian 3.1

  • Cerulean Studios Trillian 3.1.0.120

  • Cerulean Studios Trillian 3.1.0.121

  • Cerulean Studios Trillian 3.1.10.0

  • Cerulean Studios Trillian 3.1.11.0

  • Cerulean Studios Trillian 3.1.5.0

  • Cerulean Studios Trillian 3.1.5.1

  • Cerulean Studios Trillian 3.1.6.0

  • Cerulean Studios Trillian 3.1.7.0

  • Cerulean Studios Trillian 3.1.8.0

  • Cerulean Studios Trillian 3.1.9.0

  • Cerulean Studios Trillian Pro

  • Cerulean Studios Trillian Pro 1.0

  • Cerulean Studios Trillian Pro 2.0

  • Cerulean Studios Trillian Pro 2.01

  • Cerulean Studios Trillian Pro 3.0

  • Cerulean Studios Trillian Pro 3.1 Build 121

  • Cerulean Studios Trillian Pro 3.1.5.0

  • Ceruleanstudios Trillian

  • Ceruleanstudios Trillian 3.1.0.9

  • Ceruleanstudios Trillian 3.1.9.0

  • Ceruleanstudios Trillian Pro

  • Ceruleanstudios Trillian Pro 3.1.9.0


References

XF - trillian-xml-code-execution(47098)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-078

VUPEN - ADV-2008-3348

SECTRACK - 1021334

BID - 32645

BUGTRAQ - 20081205 ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability

SREASON - 4701

SECUNIA - 33001

OSVDB - 50473

MISC - http://blog.ceruleanstudios.com/?p=404


Last Updated: 27 May 2016 10:48:48