Summary
This host is installed with Pidgin and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code, overwrite arbitrary local files or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Pidgin version 2.10.7 or later.
For updates refer to http://pidgin.im/download/windows/
Insight
Multiple flaws are due to,
- MXit protocol in libpurple saves an image to local disk using a filename.
- Buffer overflow in http.c via HTTP header.
- Does not properly terminate long user IDs, in sametime.c in libpurple.
- upnp.c in libpurple fails to null-terminate strings in UPnP responses.
Affected
Pidgin versions prior to 2.10.7
References
Severity
Classification
-
CVE CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Active Perl Denial of Service Vulnerability Feb 2014 (Windows)
- Apple Safari WebKit Property Memory Leak Remote DoS Vulnerability
- Comodo Internet Security Denial of Service Vulnerability July 13
- ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)
- ejabberd XML Parsing Denial of Service Vulnerability (Windows)