Summary
The host is running Pidgin, which is prone to an integer overflow vulnerability.
Impact
A remote attacker can execute arbitrary code with the privileges of the user by sending a specially crafted SLP message.
Impact Level: SYSTEM
Solution
Upgrade to Pidgin version 2.4.3:
http://www.pidgin.im/download/
Insight
The flaw is due to errors in the msn_slplink_process_msg function in the libpurple/protocols/msnp9/slplink.c and libpurple/protocols/msn/slplink.c files, which fails to perform adequate boundary checks on user-supplied data.
Affected
- Pidgin versions prior to 2.4.3 on Windows (All).
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-2927
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P