Cerulean Studios Trillian vulnerabilities
31 known vulnerabilities affecting cerulean_studios/trillian.
Total CVEs
31
CISA KEV
0
Public exploits
7
Exploited in wild
0
Severity breakdown
CRITICAL8HIGH8MEDIUM15
Vulnerabilities
Page 1 of 2
CVE-2007-3832P3CRITICALCVSS 9.3PoCv3.1.6.02007-07-17
CVE-2007-3832 [CRITICAL] CWE-119 CVE-2007-3832: Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios T
Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring.
nvd
CVE-2004-1666P3HIGHCVSS 7.5PoCv0.74i2004-12-31
CVE-2004-1666 [HIGH] CVE-2004-1666: Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary c
Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character.
nvd
CVE-2002-1486P3HIGHCVSS 7.5PoCv0.73v0.74+1 more2003-04-02
CVE-2002-1486 [HIGH] CVE-2002-1486: Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
nvd
CVE-2005-0633P4HIGHCVSS 7.5PoCv3.02005-03-02
CVE-2005-0633 [HIGH] CVE-2005-0633: Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a
Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file.
nvd
CVE-2008-5401P3CRITICALCVSS 10.0≤ 3.1.11.0v0.50+33 more2008-12-10
CVE-2008-5401 [CRITICAL] CWE-119 CVE-2008-5401: Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows r
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
nvd
CVE-2008-5403P3CRITICALCVSS 10.0v0.50v0.52+33 more2008-12-10
CVE-2008-5403 [CRITICAL] CWE-119 CVE-2008-5403: Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows re
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
nvd
CVE-2008-5402P3CRITICALCVSS 10.0v0.50v0.52+33 more2008-12-10
CVE-2008-5402 [CRITICAL] CWE-399 CVE-2008-5402: Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to e
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
nvd
CVE-2008-2409P3CRITICALCVSS 9.3v0.71v0.73+13 more2008-05-23
CVE-2008-2409 [CRITICAL] CWE-119 CVE-2008-2409: Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
nvd
CVE-2002-1487P4MEDIUMCVSS 5.0PoCv0.742003-04-02
CVE-2002-1487 [MEDIUM] CVE-2002-1487: The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367.
nvd
CVE-2007-3305P3CRITICALCVSS 9.3≤ 3.1.5.12007-06-21
CVE-2007-3305 [CRITICAL] CVE-2007-3305: Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers t
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability
nvd
CVE-2008-2008P3CRITICALCVSS 9.3v3.1.9.02008-04-29
CVE-2008-2008 [CRITICAL] CWE-119 CVE-2008-2008: Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.
nvd
CVE-2004-2370P3HIGHCVSS 7.5v0.71v0.73+8 more2004-12-31
CVE-2004-2370 [HIGH] CVE-2004-2370: Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows
Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.
nvd
CVE-2002-2162P4MEDIUMCVSS 4.6PoCv0.73v0.725+1 more2002-12-31
CVE-2002-2162 [MEDIUM] CVE-2002-2162: Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in
Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.
nvd
CVE-2004-2304P4HIGHCVSS 7.5v0.71v0.73+2 more2004-12-31
CVE-2004-2304 [HIGH] CVE-2004-2304: Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote atta
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
nvd
CVE-2002-1488P4MEDIUMCVSS 5.0PoCv0.742003-04-02
CVE-2002-1488 [MEDIUM] CVE-2002-1488: The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.
nvd
CVE-2002-2390P4CRITICALCVSS 10.0v0.73v0.742002-12-31
CVE-2002-2390 [CRITICAL] CWE-119 CVE-2002-2390: Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allow
Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
nvd
CVE-2002-2155P4HIGHCVSS 7.5v0.73v0.7252002-12-31
CVE-2002-2155 [HIGH] CVE-2002-2155: Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.7
Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name.
nvd
CVE-2002-2173P4HIGHCVSS 7.5v0.73v0.7252002-12-31
CVE-2002-2173 [HIGH] CVE-2002-2173: Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute ar
Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message.
nvd
CVE-2009-4831P4MEDIUMCVSS 5.8v3.12010-04-29
CVE-2009-4831 [MEDIUM] CWE-295 CVE-2009-4831: Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.
nvd
CVE-2007-3833P4MEDIUMCVSS 5.0v3.1.6.02007-07-17
CVE-2007-3833 [MEDIUM] CVE-2007-3833: The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attacker
The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder.
nvd
1 / 2Next →