|Summary||MSN file download vulnerability|
|Discovered By||Fabian Yamaguchi|
|Fixed In Release||2.6.5|
The MSN protocol plugin extracts the filename of a custom emoticon from an incoming request and uploads that file without correlating the filename to a valid custom emoticon.
Validate the custom emoticon requested is valid before uploading its file data.