Vendor: Pidgin
By: Pierre Nogues
CVSS: 7.5 (HIGH)
Remote Code Execution
CWE: 119
Product Name: Pidgin
Affected Version From: Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library
Affected Version To: 2.5.2008
Patch Exists: YES
Related CVE: CVE-2009-2694
CPE: a:pidgin:pidgin:2.5.8
Metasploit:
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-2694/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1218/
https://www.rapid7.com/db/vulnerabilities/freebsd-vid-59e7af2d-8db7-11de-883b-001e3300a30d/
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-2694/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-2694/
Platforms Tested: Windows, Linux, Mac
2009
Pidgin MSN <= 2.5.8 Remote Code Execution
This is an exploit for the vulnerability in Pidgin discovered by Core Security. The "libmsn" library used by Pidgin does not correctly handle specially crafted MsnSlp packets, which could lead to memory corruption.
Mitigation:
Fixed in Pidgin 2.5.9. Update to the latest version.