CVE-2008-6563

Trillian 3.1.9.0 - Buffer Overflow in XML Parser via Crafted DTD File


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6563. PoCs published by david130490.

AI-analyzed exploit summary: This is a vulnerability writeup describing a buffer overflow in Trillian 3.1.9.0 Basic, exploitable via a malicious '.dtd' file. It references an external source for the exploit but does not contain actual exploit code.

Description

Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file.

Exploits (1)

exploitdb WRITEUP VERIFIED
by david130490 · text · remote · php
https://www.exploit-db.com/exploits/31639

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Trillian 3.1.9.0 Basic
No auth needed
Prerequisites: User interaction to load a malicious '.dtd' file
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28747
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41782
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/51130
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490772/100/0/threaded

Scores

EPSS 0.2605
EPSS Percentile 96.4%

Details

CWE: CWE-119
Status: published
Products (1)
ceruleanstudios/trillian 3.1.9.0 (3 CPE variants)
Published Mar 31, 2009
Tracked Since Feb 18, 2026