Cerulean Studios
Products
1- 37 CVEs
Recent CVEs
37| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-2479 | Med | 0.39 | 5.9 | 0.03 | May 3, 2007 | Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a… | ||
| CVE-2007-3832 | 0.04 | — | 0.12 | Jul 17, 2007 | Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring. | |||
| CVE-2004-1666 | 0.04 | — | 0.10 | Dec 31, 2004 | Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character. | |||
| CVE-2002-1487 | 0.04 | — | 0.14 | Apr 2, 2003 | The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and… | |||
| CVE-2002-1486 | 0.04 | — | 0.09 | Apr 2, 2003 | Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221"… | |||
| CVE-2008-6563 | 0.03 | — | 0.06 | Mar 31, 2009 | Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file. | |||
| CVE-2005-0633 | 0.03 | — | 0.05 | Mar 2, 2005 | Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file. | |||
| CVE-2002-1488 | 0.03 | — | 0.03 | Apr 2, 2003 | The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in. | |||
| CVE-2002-2162 | 0.03 | — | 0.01 | Dec 31, 2002 | Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts. | |||
| CVE-2008-5403 | 0.01 | — | 0.08 | Dec 10, 2008 | Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. | |||
| CVE-2008-5402 | 0.01 | — | 0.07 | Dec 10, 2008 | Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." | |||
| CVE-2008-5401 | 0.01 | — | 0.08 | Dec 10, 2008 | Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." | |||
| CVE-2007-3305 | 0.01 | — | 0.08 | Jun 21, 2007 | Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word… | |||
| CVE-2007-2418 | 0.01 | — | 0.06 | May 2, 2007 | Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from… | |||
| CVE-2012-5824 | 0.00 | — | 0.01 | Nov 4, 2012 | Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different… | |||
| CVE-2009-4831 | 0.00 | — | 0.01 | Apr 29, 2010 | Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate. | |||
| CVE-2008-2409 | 0.00 | — | 0.06 | May 23, 2008 | Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message. | |||
| CVE-2008-2408 | 0.00 | — | 0.06 | May 23, 2008 | Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag. | |||
| CVE-2008-2407 | 0.00 | — | 0.06 | May 23, 2008 | Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message. | |||
| CVE-2008-2008 | 0.00 | — | 0.04 | Apr 29, 2008 | Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message. |
- risk 0.39cvss 5.9epss 0.03
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a…
- CVE-2007-3832Jul 17, 2007risk 0.04cvss —epss 0.12
Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring.
- CVE-2004-1666Dec 31, 2004risk 0.04cvss —epss 0.10
Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character.
- CVE-2002-1487Apr 2, 2003risk 0.04cvss —epss 0.14
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and…
- CVE-2002-1486Apr 2, 2003risk 0.04cvss —epss 0.09
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221"…
- CVE-2008-6563Mar 31, 2009risk 0.03cvss —epss 0.06
Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file.
- CVE-2005-0633Mar 2, 2005risk 0.03cvss —epss 0.05
Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file.
- CVE-2002-1488Apr 2, 2003risk 0.03cvss —epss 0.03
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.
- CVE-2002-2162Dec 31, 2002risk 0.03cvss —epss 0.01
Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.
- CVE-2008-5403Dec 10, 2008risk 0.01cvss —epss 0.08
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
- CVE-2008-5402Dec 10, 2008risk 0.01cvss —epss 0.07
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
- CVE-2008-5401Dec 10, 2008risk 0.01cvss —epss 0.08
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
- CVE-2007-3305Jun 21, 2007risk 0.01cvss —epss 0.08
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word…
- CVE-2007-2418May 2, 2007risk 0.01cvss —epss 0.06
Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from…
- CVE-2012-5824Nov 4, 2012risk 0.00cvss —epss 0.01
Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different…
- CVE-2009-4831Apr 29, 2010risk 0.00cvss —epss 0.01
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.
- CVE-2008-2409May 23, 2008risk 0.00cvss —epss 0.06
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
- CVE-2008-2408May 23, 2008risk 0.00cvss —epss 0.06
Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag.
- CVE-2008-2407May 23, 2008risk 0.00cvss —epss 0.06
Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message.
- CVE-2008-2008Apr 29, 2008risk 0.00cvss —epss 0.04
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.