Buffer overflow : Trillian Messenger Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800205

Categoría: Buffer overflow

Título: Trillian Messenger Multiple Vulnerabilities

Resumen: Trillian Messenger is prone to multiple remote memory corruption vulnerabilities.

Descripción: Summary:
Trillian Messenger is prone to multiple remote memory corruption vulnerabilities.

Vulnerability Insight:
This flaw is due to:

- Boundary check error while generating XML Tags for images which can
be exploited to cause stack overflow.

- An error while processing XML codes which can be exploited to corrupt
an internal data structure and can clear a heap chunk multiple times.

- An boundary error while processing specially crafted XML tags which
can cause a heap overflow.

Vulnerability Impact:
Successful exploitation will let the attacker execute arbitrary codes
in the context of the application and can compromise a vulnerable system.

Affected Software/OS:
Cerulean Studios, Trillian Messenger version prior to 3.1.12.0 on Windows.

Solution:
Upgrade to the version latest 3.1.12.0.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5401
BugTraq ID: 32645
http://www.securityfocus.com/bid/32645
Bugtraq: 20081205 ZDI-08-077: Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/498932/100/0/threaded
http://blog.ceruleanstudios.com/?p=404
http://www.zerodayinitiative.com/advisories/ZDI-08-077
http://osvdb.org/50472
http://www.securitytracker.com/id?1021335
http://secunia.com/advisories/33001
http://securityreason.com/securityalert/4700
http://www.vupen.com/english/advisories/2008/3348
XForce ISS Database: trillian-xmltags-bo(47093)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47093
Common Vulnerability Exposure (CVE) ID: CVE-2008-5402
Bugtraq: 20081205 ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/498933/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-078
http://osvdb.org/50473
http://www.securitytracker.com/id?1021334
http://securityreason.com/securityalert/4701
XForce ISS Database: trillian-xml-code-execution(47098)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47098
Common Vulnerability Exposure (CVE) ID: CVE-2008-5403
Bugtraq: 20081205 ZDI-08-079: Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/498936/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-079
http://osvdb.org/50474
http://www.securitytracker.com/id?1021336
http://securityreason.com/securityalert/4702
XForce ISS Database: trillian-xml-bo(47100)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47100

Copyright Copyright (C) 2008 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800205
Categoría:	Buffer overflow
Título:	Trillian Messenger Multiple Vulnerabilities
Resumen:	Trillian Messenger is prone to multiple remote memory corruption vulnerabilities.
Descripción:	Summary: Trillian Messenger is prone to multiple remote memory corruption vulnerabilities. Vulnerability Insight: This flaw is due to: - Boundary check error while generating XML Tags for images which can be exploited to cause stack overflow. - An error while processing XML codes which can be exploited to corrupt an internal data structure and can clear a heap chunk multiple times. - An boundary error while processing specially crafted XML tags which can cause a heap overflow. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes in the context of the application and can compromise a vulnerable system. Affected Software/OS: Cerulean Studios, Trillian Messenger version prior to 3.1.12.0 on Windows. Solution: Upgrade to the version latest 3.1.12.0. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5401 BugTraq ID: 32645 http://www.securityfocus.com/bid/32645 Bugtraq: 20081205 ZDI-08-077: Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498932/100/0/threaded http://blog.ceruleanstudios.com/?p=404 http://www.zerodayinitiative.com/advisories/ZDI-08-077 http://osvdb.org/50472 http://www.securitytracker.com/id?1021335 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4700 http://www.vupen.com/english/advisories/2008/3348 XForce ISS Database: trillian-xmltags-bo(47093) https://exchange.xforce.ibmcloud.com/vulnerabilities/47093 Common Vulnerability Exposure (CVE) ID: CVE-2008-5402 Bugtraq: 20081205 ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498933/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-08-078 http://osvdb.org/50473 http://www.securitytracker.com/id?1021334 http://securityreason.com/securityalert/4701 XForce ISS Database: trillian-xml-code-execution(47098) https://exchange.xforce.ibmcloud.com/vulnerabilities/47098 Common Vulnerability Exposure (CVE) ID: CVE-2008-5403 Bugtraq: 20081205 ZDI-08-079: Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498936/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-08-079 http://osvdb.org/50474 http://www.securitytracker.com/id?1021336 http://securityreason.com/securityalert/4702 XForce ISS Database: trillian-xml-bo(47100) https://exchange.xforce.ibmcloud.com/vulnerabilities/47100
Copyright	Copyright (C) 2008 Greenbone AG