Vulnerabilities > Cerulean Studios
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-11-04 | CVE-2012-5824 | Improper Certificate Validation vulnerability in Cerulean Studios Trillian 5.1.0.19 Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831. | 5.8 |
| 2010-04-29 | CVE-2009-4831 | Improper Certificate Validation vulnerability in Cerulean Studios Trillian 3.1 Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate. | 5.8 |
| 2008-12-10 | CVE-2008-5403 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. | 10.0 |
| 2008-12-10 | CVE-2008-5402 | Resource Management Errors vulnerability in multiple products Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." | 10.0 |
| 2008-12-10 | CVE-2008-5401 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." | 10.0 |
| 2008-05-23 | CVE-2008-2409 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cerulean Studios Trillian Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message. | 9.3 |
| 2008-04-29 | CVE-2008-2008 | Buffer Errors vulnerability in Cerulean Studios Trillian 3.1.9.0 Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message. | 9.3 |
| 2007-07-17 | CVE-2007-3833 | Remote Code Execution vulnerability in Cerulean Studios Trillian 3.1.6.0 The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. | 5.0 |
| 2007-07-17 | CVE-2007-3832 | Buffer Errors vulnerability in Cerulean Studios Trillian 3.1.6.0 Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring. | 9.3 |
| 2007-06-21 | CVE-2007-3305 | Buffer Overflow vulnerability in Cerulean Studios Trillian 3.1 Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478. | 9.3 |