This script is Copyright (C) 2017 Tenable Network Security, Inc.
An instant messaging client installed on the remote host is affected
by a remote code execution vulnerability.
The version of Pidgin installed on the remote Windows host is prior to
2.12.0. It is, therefore, affected by a remote code execution
vulnerability in the libpurple library in util.c due to an
out-of-bounds writer error in the purple_markup_unescape_entity()
function that is triggered when handling invalid XML entities
separated by whitespaces. An unauthenticated, remote attacker can
exploit this, via a malicious server, to execute arbitrary code.
See also :
Upgrade to Pidgin version 2.12.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false