Insecure DLL Call in Windows

[NaxoneZ .]

Hi,

I have pidgin installed in windows and I find some insecure calls to dll
that can be exploited or used be a malware to plant a dll and execute this
dll every time that pidgin is open. You can find this DLL using process
monitor:

[image: Imágenes integradas 1]

How you can see if an attacker plant a dll in this paths (I tested with
%USERPROFILE%\.gtk-2.0\engine\libwimp.dll with this DLL:
http://www.binaryplanting.com/demo/windows_address_book/wab32res.dll

You can view how pidgin calls this DLL and execute.

I hope with this email you can improve the security of this great tool and
If finally you publish this issue I hope that my name appears in the
advisory too :)

Regards and thanks for all!!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20140514/4e2b7cb3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 18029 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20140514/4e2b7cb3/attachment.png>