Cerulean Studios: Security Vulnerabilities
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
CVSS Score
7.5
EPSS Score
0.032
Published
2004-12-31
Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.
CVSS Score
7.5
EPSS Score
0.054
Published
2004-12-31
Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified.
CVSS Score
5.0
EPSS Score
0.007
Published
2003-08-18
The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C".
CVSS Score
5.0
EPSS Score
0.006
Published
2003-04-02
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
CVSS Score
7.5
EPSS Score
0.492
Published
2003-04-02
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367.
CVSS Score
5.0
EPSS Score
0.152
Published
2003-04-02
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.
CVSS Score
5.0
EPSS Score
0.045
Published
2003-04-02
Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name.
CVSS Score
7.5
EPSS Score
0.007
Published
2002-12-31
Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response.
CVSS Score
7.5
EPSS Score
0.012
Published
2002-12-31
Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.
CVSS Score
4.6
EPSS Score
0.001
Published
2002-12-31