Vulnerabilities
Vulnerable Software
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.
CVSS Score: 5.8
EPSS Score: 0.004
Published: 2010-04-29
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
CVSS Score: 10.0
EPSS Score: 0.256
Published: 2008-12-10
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
CVSS Score: 10.0
EPSS Score: 0.267
Published: 2008-12-10
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
CVSS Score: 10.0
EPSS Score: 0.188
Published: 2008-12-10
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
CVSS Score: 9.3
EPSS Score: 0.17
Published: 2008-05-23
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478.
CVSS Score: 9.3
EPSS Score: 0.304
Published: 2007-06-21
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.
CVSS Score: 5.9
EPSS Score: 0.01
Published: 2007-05-03
Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
CVSS Score: 5.0
EPSS Score: 0.005
Published: 2005-05-02

