CyberSec.Space Logo
Back to CVE Browser

CVE-2008-5279

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1110%
EPSS Percentile31.00th
PublishedNov 29, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

πŸ“¦
Zilab

Zim Server

<= 2.1
πŸ“¦
Zilab

Zim Server

= 2.0

References & Advisories

πŸ”— http://aluigi.altervista.org/adv/zilabzcsx-adv.txt
πŸ”— http://aluigi.org/poc/zilabzcsx.zip
πŸ”— http://secunia.com/advisories/29062
πŸ”— http://www.securityfocus.com/bid/27940
πŸ”— http://www.vupen.com/english/advisories/2008/0664
πŸ”— http://aluigi.altervista.org/adv/zilabzcsx-adv.txt
πŸ”— http://aluigi.org/poc/zilabzcsx.zip
πŸ”— http://secunia.com/advisories/29062

Related Vulnerabilities

CVE-2008-52805.0

The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server 2.0 and 2.1 allows remote attackers to cause a denial of ser...

CVE-2008-034310.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has u...

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...

CVE-2008-034410.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote a...