CVE-2008-5401

2008-12-1006:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-5401

buffer overflow

trillian

security vulnerability

remote code execution

image tooltip

aim protocol

8.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.715 High

EPSS

Percentile

98.1%

JSON

Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to “AIM IMG Tag Parsing.”

CPENameOperatorVersion
cerulean_studios:trillian_procerulean studios trillian proeq2.0
ceruleanstudios:trillianceruleanstudios trillianeq3.1.0.9
cerulean_studios:trilliancerulean studios trillianeq3.1.8.0
cerulean_studios:trilliancerulean studios trillianeq3.1.9.0
cerulean_studios:trilliancerulean studios trillianeq0.635
ceruleanstudios:trillian_proceruleanstudios trillian proeq*
cerulean_studios:trilliancerulean studios trillianeq0.71
cerulean_studios:trilliancerulean studios trillianeq3.0
cerulean_studios:trilliancerulean studios trillianeq2.0
ceruleanstudios:trillian_proceruleanstudios trillian proeq3.1.9.0

CPE	Name	Operator	Version
cerulean_studios:trillian_pro	cerulean studios trillian pro	eq	2.0
ceruleanstudios:trillian	ceruleanstudios trillian	eq	3.1.0.9
cerulean_studios:trillian	cerulean studios trillian	eq	3.1.8.0
cerulean_studios:trillian	cerulean studios trillian	eq	3.1.9.0
cerulean_studios:trillian	cerulean studios trillian	eq	0.635
ceruleanstudios:trillian_pro	ceruleanstudios trillian pro	eq	*
cerulean_studios:trillian	cerulean studios trillian	eq	0.71
cerulean_studios:trillian	cerulean studios trillian	eq	3.0
cerulean_studios:trillian	cerulean studios trillian	eq	2.0
ceruleanstudios:trillian_pro	ceruleanstudios trillian pro	eq	3.1.9.0