Summary MSN emoticon denial of service
Date 2010-05-12
CVE Number CVE-2010-1624
Discovered By Pierre Nogu├Ęs of Meta Security
Fixed In Release 2.7.0


A vulnerability was discovered in libpurple’s MSN protocol plugin that can cause a denial of service (crash) due to insufficient validation of certain SLP packets related to custom emoticons. An attacker could use this vulnerability to remotely crash a client using libpurple for MSN. It is not possible for this vulnerability to be exploited for code execution. As a workaround, disabling custom emoticons on MSN accounts will prevent the vulnerability.


Validation has been added to the MSN plugin to prevent the crash.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site