Lucene search

[email protected]CVE-2008-5402

HistoryDec 10, 2008 - 6:44 a.m.

CVE-2008-5402

2008-12-1006:44:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-5402

double free

vulnerability

trillian

xml parser

img src id

nvd

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.251 Low

EPSS

Percentile

96.7%

JSON

Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the “IMG SRC ID.”

CPENameOperatorVersion
cerulean_studios:trillian_procerulean studios trillian proeq2.0
ceruleanstudios:trillianceruleanstudios trillianeq3.1.0.9
cerulean_studios:trilliancerulean studios trillianeq3.1.8.0
cerulean_studios:trilliancerulean studios trillianeq3.1.9.0
cerulean_studios:trilliancerulean studios trillianeq0.635
ceruleanstudios:trillian_proceruleanstudios trillian proeq*
cerulean_studios:trilliancerulean studios trillianeq0.71
cerulean_studios:trilliancerulean studios trillianeq3.0
cerulean_studios:trilliancerulean studios trillianeq2.0
ceruleanstudios:trillian_proceruleanstudios trillian proeq3.1.9.0

CPE	Name	Operator	Version
cerulean_studios:trillian_pro	cerulean studios trillian pro	eq	2.0
ceruleanstudios:trillian	ceruleanstudios trillian	eq	3.1.0.9
cerulean_studios:trillian	cerulean studios trillian	eq	3.1.8.0
cerulean_studios:trillian	cerulean studios trillian	eq	3.1.9.0
cerulean_studios:trillian	cerulean studios trillian	eq	0.635
ceruleanstudios:trillian_pro	ceruleanstudios trillian pro	eq	*
cerulean_studios:trillian	cerulean studios trillian	eq	0.71
cerulean_studios:trillian	cerulean studios trillian	eq	3.0
cerulean_studios:trillian	cerulean studios trillian	eq	2.0
ceruleanstudios:trillian_pro	ceruleanstudios trillian pro	eq	3.1.9.0

Rows per page:

1-10 of 471

References

blog.ceruleanstudios.com/?p=404

osvdb.org/50473

secunia.com/advisories/33001

securityreason.com/securityalert/4701

www.securityfocus.com/archive/1/498933/100/0/threaded

www.securityfocus.com/bid/32645

www.securitytracker.com/id?1021334

www.vupen.com/english/advisories/2008/3348

www.zerodayinitiative.com/advisories/ZDI-08-078

exchange.xforce.ibmcloud.com/vulnerabilities/47098

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.251 Low

EPSS

Percentile

96.7%

JSON

Related for CVE-2008-5402

zdi1 cvelist1 prion1 openvas2 nessus1