CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-5279

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1110%
EPSS Percentile31.00th
Published2008年11月29日
Last Modified2026年4月23日

Vulnerability Description

The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦
Zilab

Zim Server

<= 2.1
📦
Zilab

Zim Server

= 2.0

References & Advisories

🔗 http://aluigi.altervista.org/adv/zilabzcsx-adv.txt
🔗 http://aluigi.org/poc/zilabzcsx.zip
🔗 http://secunia.com/advisories/29062
🔗 http://www.securityfocus.com/bid/27940
🔗 http://www.vupen.com/english/advisories/2008/0664
🔗 http://aluigi.altervista.org/adv/zilabzcsx-adv.txt
🔗 http://aluigi.org/poc/zilabzcsx.zip
🔗 http://secunia.com/advisories/29062

相关漏洞威胁

CVE-2008-52805.0

The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server 2.0 and 2.1 allows remote attackers to cause a denial of ser...

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...

CVE-2008-535510.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 1...

CVE-2008-034310.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has u...