PT-2008-6409 · Zilab · Zilab Chat/Instant Messaging (Zim) Server

Published

2008-11-29

·

Updated

2011-03-08

·

CVE-2008-5279

CVSS v2.0

10

High

Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Zilab Chat and Instant Messaging (ZIM) Server versions 2.1 and earlier

Description: The issue allows remote attackers to execute arbitrary code via heap-based buffer overflows involving multiple vectors, including a long room name and a long source account, and a stack-based buffer overflow with a long username in an information request.

Recommendations: For Zilab Chat and Instant Messaging (ZIM) Server versions 2.1 and earlier, consider restricting access to the Local ZIM Server (zcs.exe) to minimize the risk of exploitation. As a temporary workaround, avoid using long room names and long source accounts, and restrict the use of long usernames in information requests until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2008-5279

Affected Products

Zilab Chat/Instant Messaging (Zim) Server