MidnightBSD

Advisories for cerulean_studios

CVE-2001-1419 MEDIUM

AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
aol instant_messenger 4.0
aol instant_messenger 4.3
aol instant_messenger 4.7.2480
aol instant_messenger 4.2
aol instant_messenger 4.1
aol instant_messenger 4.4
aol instant_messenger 4.6
aol instant_messenger 4.7
aol instant_messenger 4.5
aol instant_messenger 4.3.2229
cerulean_studios trillian 0.6351
CVE-2002-1485 MEDIUM

The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.74
cerulean_studios trillian 0.73
CVE-2002-1486 HIGH

Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.74
cerulean_studios trillian 0.73
cerulean_studios trillian 0.725
CVE-2002-1487 MEDIUM

The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.74
CVE-2002-1488 MEDIUM

The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.74
CVE-2002-2155 HIGH

Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.73
cerulean_studios trillian 0.725
CVE-2002-2156 HIGH

Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.73
CVE-2002-2162 MEDIUM

Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.73
cerulean_studios trillian 0.725
cerulean_studios trillian 0.6351
CVE-2002-2173 HIGH

Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.73
cerulean_studios trillian 0.725
CVE-2002-2366 MEDIUM

Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.73
cerulean_studios trillian 0.725
cerulean_studios trillian 0.6351
CVE-2002-2390 HIGH

Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.74
cerulean_studios trillian 0.73
cerulean_studios trillian_pro 1.0
CVE-2003-0520 MEDIUM

Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.74
cerulean_studios trillian 1.0
CVE-2004-1666 HIGH

Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.74i
CVE-2004-2304 HIGH

Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.74
cerulean_studios trillian 0.71
cerulean_studios trillian_pro 2.01
cerulean_studios trillian 0.73
cerulean_studios trillian_pro 1.0
cerulean_studios trillian 0.725
cerulean_studios trillian_pro 2.0
CVE-2004-2370 HIGH

Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 0.74
cerulean_studios trillian 0.74f
cerulean_studios trillian 0.74e
cerulean_studios trillian 0.74b
cerulean_studios trillian 0.71
cerulean_studios trillian_pro 2.01
cerulean_studios trillian 0.73
cerulean_studios trillian 0.74g
cerulean_studios trillian_pro 1.0
cerulean_studios trillian 0.725
cerulean_studios trillian_pro 2.0
cerulean_studios trillian 0.74d
cerulean_studios trillian 0.74c
CVE-2005-0633 HIGH

Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 3.0
cerulean_studios trillian_pro 3.0
CVE-2005-0874 MEDIUM

Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 2.0
CVE-2005-0875 MEDIUM

Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 3.0
cerulean_studios trillian 2.0
cerulean_studios trillian 3.1
CVE-2005-2444 LOW

Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian_pro 3.1_build_121
CVE-2005-3141 MEDIUM

Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 3.0
CVE-2006-0543 MEDIUM

Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cerulean_studios trillian 3.1.0.120
CVE-2009-4831 MEDIUM

Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
cerulean_studios trillian 3.1
CVE-2012-5824 MEDIUM

Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
cerulean_studios trillian 5.1.0.19