Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19629
HistoryApr 14, 2008 - 12:00 a.m.

Trillian 3.1.9.0 DTD File Buffer Overflow

2008-04-1400:00:00
vulners.com
9

Name:
Trillian 3.1.9.0 DTD File Buffer Overflow

Software:
Trillian 3.1.9.0

Vendor:
Cerulean Studios

Description:
Trillian 3.1.9.0. Basic(and maybe minor versions and other as Pro) is vulnerable to parser xml
format in .dtd file type. The explotation requires that the user download a malformed file and
installed in a stixe directory and others. The bug is a function that parse .dtd files with SYSTEM
and file identifier.

Web:
http://www.ceruleanstudios.com/

Download a poc file:
http://www.p1mp4m.es/index.php?act=attach&type=post&id=18