CVE-2007-3305
https://notcve.org/view.php?id=CVE-2007-3305
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478. • http://blog.ceruleanstudios.com/?p=150 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=545 http://osvdb.org/37446 http://secunia.com/advisories/25736 http://www.kb.cert.org/vuls/id/187033 http://www.securityfocus.com/bid/24523 http://www.securitytracker.com/id?1018265 http://www.vupen.com/english/advisories/2007/2246 https://exchange.xforce.ibmcloud.com/vulnerabilities/34918 •
CVE-2007-2479
https://notcve.org/view.php?id=CVE-2007-2479
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker. • http://blog.ceruleanstudios.com/?p=131 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522 http://osvdb.org/35722 http://secunia.com/advisories/25086 http://www.securityfocus.com/bid/23730 http://www.securitytracker.com/id?1017982 http://www.vupen.com/english/advisories/2007/1596 https://exchange.xforce.ibmcloud.com/vulnerabilities/33983 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-0543
https://notcve.org/view.php?id=CVE-2006-0543
Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://www.osvdb.org/22877 •
CVE-2005-3141
https://notcve.org/view.php?id=CVE-2005-3141
Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ. • http://ceruleanstudios.com/forums/showthread.php?s=84987af3601384b1dc7ea1f36b237c9c&threadid=64889 http://marc.info/?l=bugtraq&m=112837909626441&w=2 http://securityreason.com/securityalert/43 http://sourceforge.net/mailarchive/forum.php?thread_id=8315933&forum_id=5420 http://www.osvdb.org/20006 •
CVE-2005-0875
https://notcve.org/view.php?id=CVE-2005-0875
Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. • http://marc.info/?l=bugtraq&m=111171416802350&w=2 http://secunia.com/advisories/14689 •