Trillian 3.1.9.0 DTD File Buffer Overflow Apr 11 2008 04:46PM
david130490 hotmail com
Name:

Trillian 3.1.9.0 DTD File Buffer Overflow

Software:

Trillian 3.1.9.0

Vendor:

Cerulean Studios

Description:

Trillian 3.1.9.0. Basic(and maybe minor versions and other as Pro) is vulnerable to parser xml format in .dtd file type. The explotation requires that the user download a malformed file and installed in a stixe directory and others. The bug is a function that parse .dtd files with SYSTEM and file identifier.

Web:

http://www.ceruleanstudios.com/

Download a poc file:

http://www.p1mp4m.es/index.php?act=attach&type=post&id=18

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus