Pidgin.MSN.Custom.Smileys.File.Disclosure.Vuln

Description

[CVE-2010-0013]
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request.
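The kind of check that blocks this traversal, as an added example that is not libpurple's code or the vendor's patch: a peer-supplied smiley name is accepted only if it is a single file name, then joined to the smiley directory. The function name `smiley_path_resolve`, the directory `/srv/smileys` and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libpurple code): map a peer-supplied smiley
 * name to a path inside base_dir. Returns 0 on success, -1 if rejected. */
int smiley_path_resolve(const char *base_dir, const char *name,
                        char *out, size_t out_len)
{
    size_t len;
    int n;

    if (base_dir == NULL || name == NULL || out == NULL || out_len == 0)
        return -1;

    len = strlen(name);
    if (len == 0 || len > 255)
        return -1;

    /* A smiley is a single file name: any separator means the request
     * addresses something outside the flat smiley directory. */
    if (strchr(name, '/') != NULL || strchr(name, '\\') != NULL)
        return -1;

    /* With separators excluded, "." and ".." are the only remaining
     * names that refer to a directory rather than a file. */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return -1;

    n = snprintf(out, out_len, "%s/%s", base_dir, name);
    if (n < 0 || (size_t)n >= out_len)
        return -1; /* truncated path: refuse rather than open it */

    return 0;
}

int main(void)
{
    /* Constructed sample names, not captured traffic. */
    const char *samples[] = { "grin.png", "../../secret.txt",
                              "..\\..\\secret.txt", "..", "a..b.png" };
    char path[512];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = smiley_path_resolve("/srv/smileys", samples[i],
                                     path, sizeof path);
        printf("%-20s -> %s\n", samples[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```

Looking the requested name up in the list of smileys the user has actually registered, instead of deriving a path from it, is stricter still.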

Affected Products

Pidgin version 2.6.4 and earlier.

Impact

A specially crafted MSN emoticon request can compromise the vulnerable system by disclosing the contents of arbitrary files.

Recommended Actions

Follow the instructions outlined on the vendor website:
http://www.pidgin.im/news/security/?id=42

Coverage

IPS (Regular DB)
IPS (Extended DB)