Vulnerabilities > Cerulean Studios

DATE CVE VULNERABILITY TITLE RISK
2008-12-10 CVE-2008-5403 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
network
low complexity
cerulean-studios ceruleanstudios CWE-119
critical
10.0
2008-12-10 CVE-2008-5402 Resource Management Errors vulnerability in multiple products
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
network
low complexity
cerulean-studios ceruleanstudios CWE-399
critical
10.0
2008-12-10 CVE-2008-5401 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
network
low complexity
cerulean-studios ceruleanstudios CWE-119
critical
10.0
2008-05-23 CVE-2008-2409 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cerulean Studios Trillian
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
network
cerulean-studios CWE-119
critical
9.3
2008-04-29 CVE-2008-2008 Buffer Errors vulnerability in Cerulean Studios Trillian 3.1.9.0
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.
network
cerulean-studios CWE-119
critical
9.3
2007-07-17 CVE-2007-3833 Remote Code Execution vulnerability in Cerulean Studios Trillian 3.1.6.0
The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field.
network
low complexity
cerulean-studios
5.0
2007-07-17 CVE-2007-3832 Buffer Errors vulnerability in Cerulean Studios Trillian 3.1.6.0
Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring.
network
cerulean-studios CWE-119
critical
9.3
2007-06-21 CVE-2007-3305 Buffer Overflow vulnerability in Cerulean Studios Trillian 3.1
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478.
network
cerulean-studios
critical
9.3
2007-05-03 CVE-2007-2479 Information Exposure vulnerability in Cerulean Studios Trillian 3.1
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.
7.1
2007-05-03 CVE-2007-2478 IRC Module UTF-8 vulnerability in Cerulean Studios Trillian
Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string.
network
cerulean-studios
critical
9.3