Symantec IM Manager 8.x < 8.3.14 (SYM10-005 and SYM10-006)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.

Synopsis :

The instant messaging security application running on the remote
Windows host may be affected by multiple vulnerabilities.

Description :

A version of Symantec IM Manager 8.x earlier than 8.3.14 is installed
on the remote Windows host. Such versions may be affected by one or
both of the following vulnerabilities :

- An integer overflow vulnerability in the third-party
Autonomy KeyView module can be triggered when parsing
a specially crafted OLE document and lead to a heap
overflow and execution of arbitrary code.

- The IM Manager console fails to properly filter user
input from non-privileged users with authorized access
to the console, which can be exploited to inject
arbitrary HTML or script code into a user's browser to
be executed within the security context of the affected
site. (CVE-2009-3036)

Solution :

Upgrade to Symantec IM Manager 8.4.13 (build 8.4.1362) or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 45018

Bugtraq ID: 38241

CVE ID: CVE-2009-3032
