[Pidgin] #15289: exchndl.dll issues

Pidgin trac at pidgin.im
Sun Aug 26 17:10:42 EDT 2012

#15289: exchndl.dll issues
 Reporter:  ioerror   |        Owner:  datallah       
     Type:  defect    |       Status:  new            
Milestone:            |    Component:  winpidgin (gtk)
  Version:  2.10.6    |   Resolution:                 
 Keywords:  security  |  

Comment(by ioerror):

 I think LoadLibrary vulnerable to CVE-2010-x+n but I don't see an obvious
 way to exploit it. That is a classic problem with CVE-2010-x+n, of course.

 I'm not sure about [_tcsrchr] but I'm sure ultramegaman will let us know
 if it is an issue.

 Regarding rprintf(), yes, I think I agree regarding the ability to
 overflow the static buffer. That can be easily fixed by checking the
 length of the string.

 I'd probably just rewrite a lot of the possibly problematic code to be
 safe. I opened this ticket with the developers:

 As I'm still not sure of the final file's contents, I'm not clear if this
 would be a CVE only for exchndl.dll proper or both exchndl.dll and
 pidgin's derivative exchndl.dll. I think it is in both - though it isn't
 clear in what scenarios it would be exploitable by a malicious party, so
 it isn't terribly critical for all issues. Though the rprintf() issue
 seems like it will be triggered exactly when a malicious attacker has
 taken it upon themselves to mess with things...

Ticket URL: <http://developer.pidgin.im/ticket/15289#comment:5>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list