Trillian < Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 4515


The remote host contains an instant messaging application that is affected by several vulnerabilities.


The version of Trillian installed on the remote host reportedly contains several vulnerabilities:

- A stack buffer overflow in 'aim.dll' triggered when parsing messages with overly long attribute values within the 'FONT' tag.
- A memory corruption issue within XML parsing in 'talk.dll' triggered when processing malformed attributes within an 'IMG' tag.
- A stack buffer overflow in the header-parsing code for the MSN protocol when processing the 'X-MMS-IM-FORMAT' header.

Successful exploitation of any of these issues can result in code execution with the privileges of the current user.


Upgrade to Trillian or later as it is reported to resolve these issues.

Plugin Details

Severity: High

ID: 4515

Published: 2004/08/18

Modified: 2016/01/15

Nessus ID: 32400

Risk Information

Risk Factor: High


CVSS v2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


CVSS v3

Base Score: 7.3

Temporal Score: 6.4


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-2407, CVE-2008-2408, CVE-2008-2409

BID: 29330