This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The instant messaging security application running on the remote
Windows host may be affected by multiple vulnerabilities.
A version of Symantec IM Manager 8.x earlier than 8.3.14 is installed
on the remote Windows host. Such versions may be affected by one or
both of the following vulnerabilities :
- An integer overflow vulnerability in the third-party
Autonomy KeyView module can be triggered when parsing
a specially crafted OLE document and lead to a heap
overflow and execution of arbitrary code.
- The IM Manager console fails to properly filter user
input from non-privileged users with authorized access
to the console, which can be exploited to inject
arbitrary HTML or script code into a user's browser to
be executed within the security context of the affected
See also :
Upgrade to Symantec IM Manager 8.4.13 (build 8.4.1362) or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false