Pidgin MSN And XMPP Denial Of Service Vulnerabilities (Windows) Network Vulnerability

Summary

This host has installed with Pidgin and is prone to denial of service vulnerabilities.

Impact

Successful exploitation will allow attacker to crash the affected application. Impact Level: Application

Solution

Upgrade to Pidgin version 2.10.4 or later, For updates refer to http://pidgin.im/download

Insight

- An error in 'msn_message_parse_payload()' function handling messages with certain characters or character encodings can be exploited to cause a crash. - An error in SOCKS5 proxy handling code can be exploited to dereference an invalid pointer and cause a crash by sending multiple specially crafted file transfer requests.

Affected

Pidgin version prior 2.10.4 on Windows

References

http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4
http://pidgin.im/news/security/?id=63
http://secunia.com/advisories/49036/
http://www.pidgin.im/news/security/?id=62

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2214, CVE-2012-2318

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability
Apple iTunes Multiple Vulnerabilities
Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Linux
ArGoSoft FTP Server XCWD Overflow
Dell OpenManage Web Server <= 3.7.1

Pidgin MSN and XMPP Denial of Service Vulnerabilities (Windows)

Take action and discover your vulnerabilities