AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "
6.9AI Score
0.033EPSS
The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C".
6.9AI Score
0.002EPSS
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG wi...
8.3AI Score
0.023EPSS
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367.
7AI Score
0.006EPSS
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.
7AI Score
0.006EPSS
Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name.
8AI Score
0.005EPSS
Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response.
8.2AI Score
0.005EPSS
Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.
6.5AI Score
0.0004EPSS
Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message.
8.2AI Score
0.041EPSS
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
8.3AI Score
0.036EPSS
Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
8.4AI Score
0.041EPSS
Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified.
7AI Score
0.003EPSS
Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character.
7.8AI Score
0.013EPSS
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
8.1AI Score
0.071EPSS
Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.
8.5AI Score
0.1EPSS
Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file.
8.2AI Score
0.042EPSS
Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
7.2AI Score
0.003EPSS
Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
7.2AI Score
0.001EPSS
Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information.
6.6AI Score
0.0004EPSS
Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ.
7AI Score
0.014EPSS
Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) 'd1, (2) 'd2, (3) 'd3, (4) 'd4, and (5) 'd5. NOTE: the provenance of this information is unknown; the details are...
6.6AI Score
0.003EPSS
Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs ...
8AI Score
0.112EPSS
Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML ...
6.4AI Score
0.143EPSS
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sen...
5.9CVSS
5.5AI Score
0.011EPSS
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a wind...
8.3AI Score
0.308EPSS
Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring.
7.9AI Score
0.126EPSS
The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:" substring and contains a full pathname in the ini field. NOTE: this can be le...
7.3AI Score
0.018EPSS
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.
8AI Score
0.049EPSS
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
8.2AI Score
0.525EPSS
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
7.8AI Score
0.715EPSS
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
7.5AI Score
0.251EPSS
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
7.9AI Score
0.707EPSS
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.
6.5AI Score
0.001EPSS
Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2...
6.5AI Score
0.001EPSS