Summary MSN malformed SLP message overflow
Date 2008-07-01
CVE Number CVE-2008-2927
Discovered By Anonymous (via TippingPoint's Zero Day Initiative)
Fixed In Release 2.4.3


Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in libpurple allow remote attackers to execute arbitrary code via a malformed SLP message.


The affected function has been patched to fix the vulnerability.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site