ID CVE-2008-5402
Summary Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
References
Vulnerable Configurations
  • cpe:2.3:a:cerulean_studios:trillian:0.50:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.52:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.60:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.61:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.61:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.62:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.62:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.63:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.63:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.70:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.70:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.71:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.71:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.72:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.72:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.74c:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.74c:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.74d:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.74d:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.74e:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.74e:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.74f:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.74f:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.74g:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.74g:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.74i:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.74i:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.635:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.635:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:0.6351:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:0.6351:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:1.0:*:pro:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:1.0:*:pro:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:2.0:*:pro:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:2.0:*:pro:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.0:*:basic:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.0:*:basic:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.0:*:pro:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.0:*:pro:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1:*:basic:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1:*:basic:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1:*:pro:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1:*:pro:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1.0.120:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1.0.120:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1.0.121:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1.0.121:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:basic:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:basic:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:pro:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1.9.0:*:pro:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian:3.1.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian:3.1.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian_pro:*:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian_pro:*:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian_pro:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian_pro:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian_pro:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian_pro:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian_pro:2.01:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian_pro:2.01:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian_pro:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian_pro:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian_pro:3.1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian_pro:3.1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cerulean_studios:trillian_pro:3.1_build_121:*:*:*:*:*:*:*
    cpe:2.3:a:cerulean_studios:trillian_pro:3.1_build_121:*:*:*:*:*:*:*
  • cpe:2.3:a:ceruleanstudios:trillian:*:*:*:*:*:*:*:*
    cpe:2.3:a:ceruleanstudios:trillian:*:*:*:*:*:*:*:*
  • cpe:2.3:a:ceruleanstudios:trillian:3.1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:ceruleanstudios:trillian:3.1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ceruleanstudios:trillian:3.1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:ceruleanstudios:trillian:3.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ceruleanstudios:trillian_pro:*:*:*:*:*:*:*:*
    cpe:2.3:a:ceruleanstudios:trillian_pro:*:*:*:*:*:*:*:*
  • cpe:2.3:a:ceruleanstudios:trillian_pro:3.1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:ceruleanstudios:trillian_pro:3.1.9.0:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-10-2018 - 20:55)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 32645
bugtraq 20081205 ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability
misc
osvdb 50473
sectrack 1021334
secunia 33001
sreason 4701
vupen ADV-2008-3348
xf trillian-xml-code-execution(47098)
Last major update 11-10-2018 - 20:55
Published 10-12-2008 - 06:44
Last modified 11-10-2018 - 20:55
Back to Top