CVEdetails.com the ultimate security vulnerability data source

Cerulean Studios » Trillian » 0.73 : Security Vulnerabilities

CPE Name: cpe:/a:cerulean_studios:trillian:0.73
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2008-5403 | 119 | | Exec Code Overflow | 2008-12-10 | 2018-10-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. |
| 2 | CVE-2008-5402 | 399 | | Exec Code | 2008-12-10 | 2018-10-11 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." |
| 3 | CVE-2008-5401 | 119 | | Exec Code Overflow | 2008-12-10 | 2018-10-11 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." |
| 4 | CVE-2008-2409 | 119 | | Exec Code Overflow | 2008-05-23 | 2017-08-07 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message. |
| 5 | CVE-2004-2370 | | | Exec Code Overflow | 2004-12-31 | 2017-07-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name. |
| 6 | CVE-2004-2304 | | | DoS Exec Code Overflow | 2004-12-31 | 2017-07-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. |
| 7 | CVE-2002-2390 | 119 | | DoS Exec Code Overflow | 2002-12-31 | 2008-09-05 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request. |
| 8 | CVE-2002-2366 | 119 | | DoS Exec Code Overflow | 2002-12-31 | 2008-09-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml. |
| 9 | CVE-2002-2173 | | | Exec Code Overflow | 2002-12-31 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allows remote attackers to execute arbitrary code via a long DCC Chat message. |
| 10 | CVE-2002-2162 | | | | 2002-12-31 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | Cerulean Studios Trillian 0.73 and earlier use weak encryption (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts. |
| 11 | CVE-2002-2156 | | | Exec Code Overflow | 2002-12-31 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response. |
| 12 | CVE-2002-2155 | | | Exec Code | 2002-12-31 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name. |
| 13 | CVE-2002-1486 | | | DoS Exec Code Overflow | 2003-04-02 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allow remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server. |
| 14 | CVE-2002-1485 | | | DoS | 2003-04-02 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C". |
Total number of vulnerabilities: 14