Name: Trillian 3.1.9.0 DTD File Buffer Overflow Software: Trillian 3.1.9.0 Vendor: Cerulean Studios Description: Trillian 3.1.9.0. Basic(and maybe minor versions and other as Pro) is vulnerable to parser xml format in .dtd file type. The explotation requires that the user download a malformed file and installed in a stixe directory and others. The bug is a function that parse .dtd files with SYSTEM and file identifier. Web: http://www.ceruleanstudios.com/ Download a poc file: http://www.p1mp4m.es/index.php?act=attach&type=post&id=18
