CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3832

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1490%
EPSS Percentile34.48th
PublishedJul 17, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring.

Affected Platforms (CPE)

πŸ“¦
Cerulean Studios

Trillian

= 3.1.6.0

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0356.html
πŸ”— http://secunia.com/advisories/26086
πŸ”— http://www.kb.cert.org/vuls/id/786920
πŸ”— http://www.securityfocus.com/bid/24927
πŸ”— http://www.vupen.com/english/advisories/2007/2546
πŸ”— http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/35447
πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0356.html

Related Vulnerabilities

CVE-2007-241810.0

Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll...

CVE-2008-540310.0

Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbi...

CVE-2002-239010.0

Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a ...

CVE-2008-540110.0

Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arb...