CVE-2012-5824
- EPSS 0.15%
- Published 04.11.2012 22:55:04
- Last modified 11.04.2025 00:51:21
Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid ...
CVE-2009-4831
- EPSS 0.45%
- Published 29.04.2010 19:30:00
- Last modified 11.04.2025 00:51:21
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.
- EPSS 25.56%
- Published 10.12.2008 06:44:42
- Last modified 09.04.2025 00:30:58
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
- EPSS 18.77%
- Published 10.12.2008 06:44:41
- Last modified 09.04.2025 00:30:58
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
- EPSS 26.69%
- Published 10.12.2008 06:44:41
- Last modified 09.04.2025 00:30:58
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
CVE-2008-2409
- EPSS 17.02%
- Published 23.05.2008 15:32:00
- Last modified 09.04.2025 00:30:58
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
CVE-2008-2008
- EPSS 2.58%
- Published 29.04.2008 13:09:00
- Last modified 09.04.2025 00:30:58
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.
- EPSS 1.22%
- Published 17.07.2007 22:30:00
- Last modified 09.04.2025 00:30:58
The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a fu...
CVE-2007-3832
- EPSS 15.3%
- Published 17.07.2007 22:30:00
- Last modified 09.04.2025 00:30:58
Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ ...
CVE-2007-3305
- EPSS 30.43%
- Published 21.06.2007 01:30:00
- Last modified 09.04.2025 00:30:58
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers imprope...