Pidgin MSN Custom Smileys File Disclosure Vulnerability (Win) Network Vulnerability

Summary

This host has Pidgin installed and is prone to File Disclosure vulnerability

Impact

Attackers can exploit this issue to gain knowledge of sensitive information via directory traversal attacks. Impact Level: Application

Solution

Apply the patch or upgrade to Pidgin version 2.6.5 http://pidgin.im/download http://developer.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 ***** NOTE: Please ignore this warning if the patch is already applied. *****

Insight

This issue is due to an error in 'slp.c' within the 'MSN protocol plugin' in 'libpurple' when processing application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request.

Affected

Pidgin version prior to 2.6.4 on Windows.

References

http://secunia.com/advisories/37953/
http://www.pidgin.im/news/security/?id=42
http://www.vupen.com/english/advisories/2009/3662

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0013

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Mac OS X)
Apple Safari Multiple Memory Corruption Vulnerabilities-03 Aug14 (Mac OS X)
Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)
Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
Apple iTunes Multiple Vulnerabilities - Apr10

Take action and discover your vulnerabilities