Summary
Pidgin is installed on this host and is prone to denial of service vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code, obtain sensitive information or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Pidgin version 2.10.0 or later.
For updates refer to http://pidgin.im/download/windows/
Insight
The flaws are due to:
- An error in the IRC protocol plugin in libpurple when handling WHO responses with special characters in the nicknames.
- An error in the MSN protocol plugin when handling HTTP 100 responses.
- Improper handling of file:// URIs, which allows a file to be executed when the user clicks on a file:// URI in a received IM.
Affected
Pidgin versions prior to 2.10.0
References
Severity
Classification
- CVE: CVE-2011-2943, CVE-2011-3184, CVE-2011-3185
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C