Proposed text for MSN emoticon DoS
John Bailey
rekkanoryo at rekkanoryo.org
Wed May 12 01:42:37 EDT 2010
On 05/12/2010 01:21 AM, John Bailey wrote:
> "description" => "A vulnerability was discovered in libpurple's MSN
> protocol plugin that can cause a denial of service (crash) due to insufficient
> validation of certain SLP packets related to custom emoticons. An attacker
> could use this vulnerability to remotely crash a client using libpurple for
> MSN. It is not possible for this vulnerability to be exploited for code
> execution.",
Per Elliott's suggestion, I have updated this text as follows:
"A vulnerability was discovered in libpurple's MSN protocol plugin that can
cause a denial of service (crash) due to insufficient validation of certain SLP
packets related to custom emoticons. An attacker could use this vulnerability
to remotely crash a client using libpurple for MSN. It is not possible for this
vulnerability to be exploited for code execution. As a workaround, disabling
custom emoticons on MSN accounts will prevent the vulnerability."
John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20100512/be00ce5e/attachment.pgp>
More information about the security
mailing list