Vulnerabilities > Cerulean Studios > Trillian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-11-04 | CVE-2012-5824 | Improper Certificate Validation vulnerability in Cerulean Studios Trillian 5.1.0.19 Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831. | 5.8 |
| 2010-04-29 | CVE-2009-4831 | Improper Certificate Validation vulnerability in Cerulean Studios Trillian 3.1 Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate. | 5.8 |
| 2007-07-17 | CVE-2007-3833 | Remote Code Execution vulnerability in Cerulean Studios Trillian 3.1.6.0 The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. | 5.0 |
| 2006-02-04 | CVE-2006-0543 | Denial-Of-Service vulnerability in Cerulean Studios Trillian 3.1.0.120 Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. | 5.0 |
| 2005-10-05 | CVE-2005-3141 | Denial-Of-Service vulnerability in Cerulean Studios Trillian 3.0 Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ. | 5.0 |
| 2005-05-02 | CVE-2005-0875 | Unspecified vulnerability in Cerulean Studios Trillian 2.0/3.0/3.1 Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. | 5.0 |
| 2005-05-02 | CVE-2005-0874 | Unspecified vulnerability in Cerulean Studios Trillian 2.0 Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. | 5.0 |
| 2003-08-18 | CVE-2003-0520 | Denial Of Service vulnerability in Cerulean Studios Trillian 0.74/1.0 Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified. | 5.0 |
| 2003-04-02 | CVE-2002-1488 | Denial Of Service vulnerability in Cerulean Studios Trillian 0.74 The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in. | 5.0 |
| 2003-04-02 | CVE-2002-1487 | Denial Of Service vulnerability in Cerulean Studios Trillian 0.74 The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367. | 5.0 |