|Summary||MSN malformed SLP message overflow|
|Discovered By||Anonymous (via TippingPoint's Zero Day Initiative)|
|Fixed In Release||2.4.3|
Multiple integer overflows in the
msn_slplink_process_msg functions in the
MSN protocol handler in libpurple allow remote attackers to execute arbitrary
code via a malformed SLP message.
The affected function has been patched to fix the vulnerability.