Cerulean Studios: >> Trillian >> 0.73 Security Vulnerabilities
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
CVSS Score
10.0
EPSS Score
0.256
Published
2008-12-10
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
CVSS Score
10.0
EPSS Score
0.267
Published
2008-12-10
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
CVSS Score
10.0
EPSS Score
0.188
Published
2008-12-10
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
CVSS Score
9.3
EPSS Score
0.17
Published
2008-05-23
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
CVSS Score
7.5
EPSS Score
0.032
Published
2004-12-31
Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.
CVSS Score
7.5
EPSS Score
0.054
Published
2004-12-31
The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C".
CVSS Score
5.0
EPSS Score
0.006
Published
2003-04-02
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
CVSS Score
7.5
EPSS Score
0.555
Published
2003-04-02
Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name.
CVSS Score
7.5
EPSS Score
0.007
Published
2002-12-31
Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response.
CVSS Score
7.5
EPSS Score
0.012
Published
2002-12-31
Page 1