Trillian
CVEs (37)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-3833 | 0.00 | — | 0.03 | Jul 17, 2007 | The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field.… | |||
| CVE-2007-2478 | 0.00 | — | 0.06 | May 3, 2007 | Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it,… | |||
| CVE-2006-0543 | 0.00 | — | 0.01 | Feb 4, 2006 | Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information… | |||
| CVE-2005-3141 | 0.00 | — | 0.02 | Oct 5, 2005 | Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ. | |||
| CVE-2005-2444 | 0.00 | — | 0.00 | Aug 3, 2005 | Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information. | |||
| CVE-2005-0874 | 0.00 | — | 0.02 | May 2, 2005 | Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. | |||
| CVE-2005-0875 | 0.00 | — | 0.01 | May 2, 2005 | Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. | |||
| CVE-2004-2370 | 0.00 | — | 0.04 | Dec 31, 2004 | Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name. | |||
| CVE-2004-2304 | 0.00 | — | 0.04 | Dec 31, 2004 | Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. | |||
| CVE-2003-0520 | 0.00 | — | 0.01 | Aug 18, 2003 | Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified. | |||
| CVE-2002-1485 | 0.00 | — | 0.01 | Apr 2, 2003 | The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C". | |||
| CVE-2002-2366 | 0.00 | — | 0.03 | Dec 31, 2002 | Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml. | |||
| CVE-2002-2156 | 0.00 | — | 0.02 | Dec 31, 2002 | Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response. | |||
| CVE-2002-2173 | 0.00 | — | 0.03 | Dec 31, 2002 | Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message. | |||
| CVE-2002-2390 | 0.00 | — | 0.06 | Dec 31, 2002 | Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request. | |||
| CVE-2002-2155 | 0.00 | — | 0.02 | Dec 31, 2002 | Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name. | |||
| CVE-2001-1419 | 0.00 | — | 0.02 | Oct 2, 2001 | AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments. |
- CVE-2007-3833Jul 17, 2007risk 0.00cvss —epss 0.03
The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field.…
- CVE-2007-2478May 3, 2007risk 0.00cvss —epss 0.06
Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it,…
- CVE-2006-0543Feb 4, 2006risk 0.00cvss —epss 0.01
Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information…
- CVE-2005-3141Oct 5, 2005risk 0.00cvss —epss 0.02
Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ.
- CVE-2005-2444Aug 3, 2005risk 0.00cvss —epss 0.00
Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information.
- CVE-2005-0874May 2, 2005risk 0.00cvss —epss 0.02
Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
- CVE-2005-0875May 2, 2005risk 0.00cvss —epss 0.01
Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
- CVE-2004-2370Dec 31, 2004risk 0.00cvss —epss 0.04
Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.
- CVE-2004-2304Dec 31, 2004risk 0.00cvss —epss 0.04
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
- CVE-2003-0520Aug 18, 2003risk 0.00cvss —epss 0.01
Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified.
- CVE-2002-1485Apr 2, 2003risk 0.00cvss —epss 0.01
The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C".
- CVE-2002-2366Dec 31, 2002risk 0.00cvss —epss 0.03
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
- CVE-2002-2156Dec 31, 2002risk 0.00cvss —epss 0.02
Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response.
- CVE-2002-2173Dec 31, 2002risk 0.00cvss —epss 0.03
Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message.
- CVE-2002-2390Dec 31, 2002risk 0.00cvss —epss 0.06
Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
- CVE-2002-2155Dec 31, 2002risk 0.00cvss —epss 0.02
Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name.
- CVE-2001-1419Oct 2, 2001risk 0.00cvss —epss 0.02
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
Page 2 of 2