cve-2010-1624-00

Summary MSN emoticon denial of service
Date 2010-05-12
CVE Number CVE-2010-1624
Discovered By Pierre Nogu├Ęs of Meta Security
Fixed In Release 2.7.0

Description

A vulnerability was discovered in libpurple’s MSN protocol plugin that can cause a denial of service (crash) due to insufficient validation of certain SLP packets related to custom emoticons. An attacker could use this vulnerability to remotely crash a client using libpurple for MSN. It is not possible for this vulnerability to be exploited for code execution. As a workaround, disabling custom emoticons on MSN accounts will prevent the vulnerability.

Mitigation

Validation has been added to the MSN plugin to prevent the crash.

Looking to reach us via XMPP? Check out the new PidginChat service!