CVSS: 9.3EPSS: 30%CPEs: 1EXPL: 0CVE-2007-3305
https://notcve.org/view.php?id=CVE-2007-3305
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478. Desbordamiento de búfer basado en pila en Cerulean Studios Trillian 3.x anterior a 3.1.6.0 permite a atacantes remotos ejecutar código de su elección mediante un mensaje enviado a través del protocolo MSN, o posiblemente otros protocolos, con una cadena UTF-8 artesanal, lo cual provoca un reserva de memoria no válida cuando el ancho de ventana es usado como tamaño de búfer, una vulnerabilidad diferente que CVE-2007-2478. • http://blog.ceruleanstudios.com/?p=150 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545 http://osvdb.org/37446 http://secunia.com/advisories/25736 http://www.kb.cert.org/vuls/id/187033 http://www.securityfocus.com/bid/24523 http://www.securitytracker.com/id?1018265 http://www.vupen.com/english/advisories/2007/2246 https://exchange.xforce.ibmcloud.com/vulnerabilities/34918 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0543
https://notcve.org/view.php?id=CVE-2006-0543
Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://www.osvdb.org/22877 •