Test ID:	1.3.6.1.4.1.25623.1.0.800205
Category:	Buffer overflow
Title:	Trillian Messenger Multiple Vulnerabilities
Summary:	Trillian Messenger is prone to multiple remote memory corruption vulnerabilities.
Description:	Summary: Trillian Messenger is prone to multiple remote memory corruption vulnerabilities. Vulnerability Insight: This flaw is due to: - Boundary check error while generating XML Tags for images which can be exploited to cause stack overflow. - An error while processing XML codes which can be exploited to corrupt an internal data structure and can clear a heap chunk multiple times. - An boundary error while processing specially crafted XML tags which can cause a heap overflow. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes in the context of the application and can compromise a vulnerable system. Affected Software/OS: Cerulean Studios, Trillian Messenger version prior to 3.1.12.0 on Windows. Solution: Upgrade to the version latest 3.1.12.0. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5401 BugTraq ID: 32645 http://www.securityfocus.com/bid/32645 Bugtraq: 20081205 ZDI-08-077: Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498932/100/0/threaded http://blog.ceruleanstudios.com/?p=404 http://www.zerodayinitiative.com/advisories/ZDI-08-077 http://osvdb.org/50472 http://www.securitytracker.com/id?1021335 http://secunia.com/advisories/33001 http://securityreason.com/securityalert/4700 http://www.vupen.com/english/advisories/2008/3348 XForce ISS Database: trillian-xmltags-bo(47093) https://exchange.xforce.ibmcloud.com/vulnerabilities/47093 Common Vulnerability Exposure (CVE) ID: CVE-2008-5402 Bugtraq: 20081205 ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498933/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-08-078 http://osvdb.org/50473 http://www.securitytracker.com/id?1021334 http://securityreason.com/securityalert/4701 XForce ISS Database: trillian-xml-code-execution(47098) https://exchange.xforce.ibmcloud.com/vulnerabilities/47098 Common Vulnerability Exposure (CVE) ID: CVE-2008-5403 Bugtraq: 20081205 ZDI-08-079: Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498936/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-08-079 http://osvdb.org/50474 http://www.securitytracker.com/id?1021336 http://securityreason.com/securityalert/4702 XForce ISS Database: trillian-xml-bo(47100) https://exchange.xforce.ibmcloud.com/vulnerabilities/47100
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.