Pidgin < 2.10.2 Multiple DoS

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.

Synopsis :

An instant messaging client installed on the remote Windows host is
potentially affected by multiple denial of service vulnerabilities.

Description :

The version of Pidgin installed on the remote host is earlier than
2.10.2 and is potentially affected by the following issues :

- A denial of service vulnerability (NULL pointer
dereference) in the 'pidgin_conv_chat_rename_user'
function in 'gtkconv.c'. Remote attackers can trigger
the vulnerability by performing certain types of
nickname changes while in an XMPP chat room.

- The msn_oim_report_to_user function in oim.c allows
remote servers to cause an application crash by
sending an OIM message without UTF-8 encoding.

Solution :

Upgrade to Pidgin 2.10.2 or later.

Risk factor :

Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.6
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 58410

Bugtraq ID: 52475

CVE ID: CVE-2011-4939
