Trillian Pro

trillian_pro

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-5403 2Cerulean Studios Ceruleanstudios 4Trillian TrillianTrillian Pro+1 more Apr 23, 2026 Dec 10, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
CVE-2008-5402 2Cerulean Studios Ceruleanstudios 4Trillian TrillianTrillian Pro+1 more Apr 23, 2026 Dec 10, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
CVE-2008-5401 2Cerulean Studios Ceruleanstudios 4Trillian TrillianTrillian Pro+1 more Apr 23, 2026 Dec 10, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
CVE-2007-2478 1Cerulean Studios 1Trillian Pro Apr 23, 2026 May 3, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 strin...Show more Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string.Show less
CVE-2007-2418 1Cerulean Studios 1Trillian Pro Apr 23, 2026 May 2, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbi...Show more Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding.Show less
CVE-2005-2444 1Cerulean Studios 1Trillian Pro Apr 16, 2026 Aug 3, 2005 N/A· v4 N/A· v3 2.1 LOW· v2 Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information.
CVE-2005-0633 1Cerulean Studios 2Trillian Trillian Pro Apr 16, 2026 Mar 2, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file.
CVE-2004-2370 1Cerulean Studios 2Trillian Trillian Pro Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.
CVE-2004-2304 1Cerulean Studios 2Trillian Trillian Pro Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based...Show more Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.Show less
CVE-2002-2390 1Cerulean Studios 2Trillian Trillian Pro Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.