Pidgin < 2.5.9 'msn_slplink_process_msg()' Memory Corruption
High Nessus Plugin ID 40663
SynopsisThe remote host has an instant messaging client that is affected by a memory corruption vulnerability.
DescriptionThe version of Pidgin installed on the remote host is earlier than 2.5.9. Such versions are reportedly affected by a vulnerability in 'msn_slplink_process_msg()'. Maliciously crafted MSN SLP messages can result in memory corruption. A remote attacker could use this to crash the client, or execute arbitrary code.
This attack does not require user interaction or that the attacker is in the victim's buddy list (using the default configuration).
SolutionUpgrade to Pidgin 2.5.9 or later.