CVE-2007-3305
https://notcve.org/view.php?id=CVE-2007-3305
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478.
• http://blog.ceruleanstudios.com/?p=150
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545
• http://osvdb.org/37446
• http://secunia.com/advisories/25736
• http://www.kb.cert.org/vuls/id/187033
• http://www.securityfocus.com/bid/24523
• http://www.securitytracker.com/id?1018265
• http://www.vupen.com/english/advisories/2007/2246
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34918
CVE-2003-0520
https://notcve.org/view.php?id=CVE-2003-0520
Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified.
• http://marc.info/?l=bugtraq&m=105735714318026&w=2
• http://www.securityfocus.com/bid/8107
CVE-2002-2162 – Trillian Instant Messaging 0.x - Credential Encryption
https://notcve.org/view.php?id=CVE-2002-2162
Cerulean Studios Trillian 0.73 and earlier use weak encryption (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.
• https://www.exploit-db.com/exploits/21781
• http://www.iss.net/security_center/static/10092.php
• http://www.securityfocus.com/archive/1/291071
• http://www.securityfocus.com/bid/5677
CVE-2002-2366
https://notcve.org/view.php?id=CVE-2002-2366
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
• http://archives.neohapsis.com/archives/bugtraq/2002-08/0334.html
• http://www.iss.net/security_center/static/9999.php
• http://www.securityfocus.com/bid/5601
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2001-1419
https://notcve.org/view.php?id=CVE-2001-1419
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
• http://archives.neohapsis.com/archives/bugtraq/2001-10/0014.html
• http://www.kb.cert.org/vuls/id/507771
• http://www.kb.cert.org/vuls/id/JARL-56TPTN
• http://www.securityfocus.com/archive/1/247707
• http://www.securityfocus.com/bid/3398
• https://exchange.xforce.ibmcloud.com/vulnerabilities/7233