Pidgin Libpurple Protocol Plugins Denial of Service Vulnerabilities (Win)

Summary
This host is installed with Pidgin and is prone to denial of service vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code, obtain sensitive information or cause a denial of service. Impact Level: System/Application
Solution
Upgrade to Pidgin version 2.10.0 or later. For updates refer to http://pidgin.im/download/windows/
Insight
Multiple flaws are due to, - An error in the IRC protocol plugin in libpurple when handling WHO responses with special characters in the nicknames. - An error in the MSN protocol plugin when handling HTTP 100 responses. - Improper handling of 'file:// URI', allows to execute the file when user clicks on a file:// URI in a received IM.
Affected
Pidgin versions prior to 2.10.0
References