CVSS: 10.0 • EPSS: 26% • CPEs: 55 • EXPL: 0

04 Dec 2008 — Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." This vulnerability allows remote attackers to execut... • http://blog.ceruleanstudios.com/?p=404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 • EPSS: 18% • CPEs: 55 • EXPL: 0

04 Dec 2008 — Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of ... • http://blog.ceruleanstudios.com/?p=404 • CWE-399: Resource Management Errors

CVSS: 10.0 • EPSS: 25% • CPEs: 55 • EXPL: 0

04 Dec 2008 — Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean St... • http://blog.ceruleanstudios.com/?p=404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 • EPSS: 8% • CPEs: 1 • EXPL: 0

21 May 2008 — Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message. This vulnerability allows remote attackers to exec... • http://secunia.com/advisories/30336 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 17% • CPEs: 15 • EXPL: 0

21 May 2008 — Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message. This vulnerability allows remote attackers to execute arbitrary code on vu... • http://archives.neohapsis.com/archives/bugtraq/2008-05/0285.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 30% • CPEs: 1 • EXPL: 0

21 Jun 2007 — Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478. • http://blog.ceruleanstudios.com/?p=150

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jul 2003 — Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified. • http://marc.info/?l=bugtraq&m=105735714318026&w=2

CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 2

31 Dec 2002 — Cerulean Studios Trillian 0.73 and earlier use weak encryption (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts. • https://www.exploit-db.com/exploits/21781

CVSS: 9.8 • EPSS: 1% • CPEs: 3 • EXPL: 0

31 Dec 2002 — Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml. • http://archives.neohapsis.com/archives/bugtraq/2002-08/0334.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 7% • CPEs: 11 • EXPL: 3

02 Oct 2001 — AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments. • http://archives.neohapsis.com/archives/bugtraq/2001-10/0014.html