|Summary||MSN emoticon denial of service|
|Discovered By||Pierre Noguès of Meta Security|
|Fixed In Release||2.7.0|
A vulnerability was discovered in libpurple’s MSN protocol plugin that can cause a denial of service (crash) due to insufficient validation of certain SLP packets related to custom emoticons. An attacker could use this vulnerability to remotely crash a client using libpurple for MSN. It is not possible for this vulnerability to be exploited for code execution. As a workaround, disabling custom emoticons on MSN accounts will prevent the vulnerability.
Validation has been added to the MSN plugin to prevent the crash.