Vulnerability Description
The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zilab | Zim Server | <= 2.1 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/zilabzcsx-adv.txt
- http://aluigi.org/poc/zilabzcsx.zipExploit
- http://secunia.com/advisories/29062Vendor Advisory
- http://www.securityfocus.com/bid/27940Exploit
- http://www.vupen.com/english/advisories/2008/0664
- http://aluigi.altervista.org/adv/zilabzcsx-adv.txt
- http://aluigi.org/poc/zilabzcsx.zipExploit
- http://secunia.com/advisories/29062Vendor Advisory
- http://www.securityfocus.com/bid/27940Exploit
- http://www.vupen.com/english/advisories/2008/0664
FAQ
What is CVE-2008-5279?
CVE-2008-5279 is a vulnerability with a CVSS score of 10.0 (HIGH). The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple ...
How severe is CVE-2008-5279?
CVE-2008-5279 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5279?
Check the references section above for vendor advisories and patch information. Affected products include: Zilab Zim Server.