Trillian < 3.1.12.0 Multiple Vulnerabilities

This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.


Synopsis :

The remote host contains an instant messaging application that is
affected by several vulnerabilities.

Description :

The version of Trillian installed on the remote host reportedly
contains several vulnerabilities :

- A stack-based buffer overflow in the tool tip processing
code could allow an unauthenticated attacker to execute
arbitrary code with client privileges on the remote
system. (ZDI-08-077)

- A vulnerability in the XML processing code responsible
for handling specially formulated XML could lead to
arbitrary code execution on the remote system.
(ZDI-08-078)

- A vulnerability in XML processing code responsible
for handling malformed XML tags could lead to
arbitrary code execution on the remote system.
(ZDI-08-079)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-08-077/
http://www.zerodayinitiative.com/advisories/ZDI-08-078/
http://www.zerodayinitiative.com/advisories/ZDI-08-079/
http://seclists.org/fulldisclosure/2008/Dec/108
http://seclists.org/fulldisclosure/2008/Dec/109
http://seclists.org/fulldisclosure/2008/Dec/110
http://web.archive.org/web/20160322091015/http://blog.trillian.im/?p=404

Solution :

Upgrade to Trillian 3.1.12.0 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 35042

Bugtraq ID: 32645

CVE ID: CVE-2008-5401, CVE-2008-5402, CVE-2008-5403
