Summary MSN file download vulnerability
Date 2010-01-08
CVE Number CVE-2010-0013
Discovered By Fabian Yamaguchi
Fixed In Release 2.6.5


The MSN protocol plugin extracts the filename of a custom emoticon from an incoming request and uploads that file without correlating the filename to a valid custom emoticon.


Validate the custom emoticon requested is valid before uploading its file data.

Looking to reach us via XMPP? Check out the new PidginChat service!