This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.
The remote host contains an instant messaging application that is
affected by several vulnerabilities.
The version of Trillian installed on the remote host reportedly
contains several vulnerabilities :
- A stack-based buffer overflow in 'aim.dll' triggered
when parsing messages with overly long attribute values
within the 'FONT' tag.
- A memory corruption issue within XML parsing in
'talk.dll' triggered when processing malformed
attributes within an 'IMG' tag.
- A stack-based buffer overflow in the header-parsing code
for the MSN protocol when processing the
Successful exploitation of each issue can result in code execution
subject to the privileges of the current user.
See also :
Upgrade to Trillian 220.127.116.11 or later as it is reported to resolve
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false