Summary
Pidgin is installed on this host and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code, overwrite arbitrary local files or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Pidgin version 2.10.7 or later.
For updates refer to http://pidgin.im/download/windows/
Insight
The flaws are due to the following:
- The MXit protocol in libpurple saves an image to local disk using a filename.
- A buffer overflow in http.c via an HTTP header.
- sametime.c in libpurple does not properly terminate long user IDs.
- upnp.c in libpurple fails to null-terminate strings in UPnP responses.
Affected
Pidgin versions prior to 2.10.7
Severity
Classification
- CVE: CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P