This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.
An instant messaging client installed on the remote Windows host is
affected by multiple vulnerabilities.
The version of Pidgin installed on the remote host is earlier than
2.10.7. It is, therefore, potentially affected by the following
- An error exists related to the 'MXit' plugin and
the saving of images that could allow arbitrary files
to be overwritten. (CVE-2013-0271)
- A stack-based buffer overflow exists in the function
'mxit_cb_http_read' in the file
'libpurple/protocols/mxit/http.c' that could allow
arbitrary code execution when handling certain HTTP
- An error exists in the function 'mw_prpl_normalize' in
the file 'libpurple/protocols/sametime/sametime.c' that
could allow denial of service attacks when handling
user IDs longer than 4096 bytes. (CVE-2013-0273)
- Errors exist in the functions
'purple_upnp_remove_port_mapping' in the file
'libpurple/upnp.c' that could allow denial of service
attacks when handling certain UPnP response messages.
See also :
Upgrade to Pidgin 2.10.7 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false