Summary
This host is installed with Pidgin and is prone to denial of service vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code, obtain sensitive information or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Pidgin version 2.10.0 or later.
For updates refer to http://pidgin.im/download/windows/
Insight
Multiple flaws are due to,
- An error in the IRC protocol plugin in libpurple when handling WHO responses with special characters in the nicknames.
- An error in the MSN protocol plugin when handling HTTP 100 responses.
- Improper handling of 'file:// URI', allows to execute the file when user clicks on a file:// URI in a received IM.
Affected
Pidgin versions prior to 2.10.0
References
Severity
Classification
-
CVE CVE-2011-2943, CVE-2011-3184, CVE-2011-3185 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- ClamAV Multiple Vulnerabilities (Linux)
- Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Linux)
- Apache APR-Utils XML Parser Denial of Service Vulnerability
- EMC Data Protection Advisor NULL Pointer Dereference Denial of Service Vulnerability
- Adobe Reader Denial of Service Vulnerability (May09)