Summary MSN file download vulnerability
Date 2010-01-08
CVE Number CVE-2010-0013
Discovered By Fabian Yamaguchi
Fixed In Release 2.6.5


The MSN protocol plugin extracts the filename of a custom emoticon from an incoming request and uploads that file without correlating the filename to a valid custom emoticon.


Validate the custom emoticon requested is valid before uploading its file data.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site