Lucene search

MitreCVE-2008-2008

HistoryApr 29, 2008 - 1:09 p.m.

CVE-2008-2008

2008-04-2913:09:00

CWE-119

mitre

web.nvd.nist.gov

cve-2008-2008

buffer overflow

display names

trillian

remote attack

denial of service

arbitrary code

msn protocol

vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.049

Percentile

92.8%

JSON

Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.

Affected configurations

Nvd

Node

cerulean_studiostrillianMatch3.1.9.0basic

cerulean_studiostrillianMatch3.1.9.0pro

VendorProductVersionCPE
cerulean_studiostrillian3.1.9.0cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:basic:*:*:*:*:*
cerulean_studiostrillian3.1.9.0cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:pro:*:*:*:*:*

Vendor	Product	Version	CPE
cerulean_studios	trillian	3.1.9.0	cpe:2.3:a:cerulean_studios:trillian:3.1.9.0::basic:::::
cerulean_studios	trillian	3.1.9.0	cpe:2.3:a:cerulean_studios:trillian:3.1.9.0::pro:::::

References

secunia.com/advisories/29952

securityreason.com/securityalert/3849

www.securityfocus.com/archive/1/491281/100/0/threaded

www.securityfocus.com/bid/28925

www.vupen.com/english/advisories/2008/1368/references

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.049

Percentile

92.8%

JSON

Related for CVE-2008-2008