Pidgin Multiple Denial of Service Vulnerabilities -Feb13 (Windows)

Summary
This host is installed with Pidgin and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code, overwrite arbitrary local files or cause a denial of service. Impact Level: System/Application
Solution
Upgrade to Pidgin version 2.10.7 or later. For updates refer to http://pidgin.im/download/windows/
Insight
Multiple flaws are due to, - MXit protocol in libpurple saves an image to local disk using a filename. - Buffer overflow in http.c via HTTP header. - Does not properly terminate long user IDs, in sametime.c in libpurple. - upnp.c in libpurple fails to null-terminate strings in UPnP responses.
Affected
Pidgin versions prior to 2.10.7
References