[Pidgin] #15289: exchndl.dll issues
Pidgin
trac at pidgin.im
Sun Aug 26 00:56:55 EDT 2012
#15289: exchndl.dll issues
-----------------------------+----------------------------------------------
Reporter: ioerror | Owner: datallah
Type: defect | Status: new
Component: winpidgin (gtk) | Version: 2.10.6
Keywords: security |
-----------------------------+----------------------------------------------
exchndl.dll is shipped with the Windows pidgin (
http://developer.pidgin.im/static/win32/pidgin-inst-deps-20100315.tar.gz).
I think the source for that dll is from
http://pidgin.im/~datallah/exchndl.c
I did a quick audit and in general, it appears that it has a few issues.
CVE-2010-x+n seems to ( http://blog.zoller.lu/2010/08/cve-2010-xn-
loadlibrarygetprocaddress.html ) apply. Specifically, it looks like (
http://www.exploit-db.com/exploits/14741/ ) a specifically crafted DLL
could really screw things up at crash time (
http://www.securityfocus.com/bid/1699/discuss http://msdn.microsoft.com
/en-us/library/ms684175%28VS.85%29.aspx ). It might even be possible
--
Ticket URL: <http://developer.pidgin.im/ticket/15289>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list