9.3

CVE-2011-3185

gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PidginPidgin Version <= 2.9.0
   MicrosoftWindows
PidginPidgin Version2.0.0
   MicrosoftWindows
PidginPidgin Version2.0.1
   MicrosoftWindows
PidginPidgin Version2.0.2
   MicrosoftWindows
PidginPidgin Version2.1.0
   MicrosoftWindows
PidginPidgin Version2.1.1
   MicrosoftWindows
PidginPidgin Version2.2.0
   MicrosoftWindows
PidginPidgin Version2.2.1
   MicrosoftWindows
PidginPidgin Version2.2.2
   MicrosoftWindows
PidginPidgin Version2.3.0
   MicrosoftWindows
PidginPidgin Version2.3.1
   MicrosoftWindows
PidginPidgin Version2.4.0
   MicrosoftWindows
PidginPidgin Version2.4.1
   MicrosoftWindows
PidginPidgin Version2.4.2
   MicrosoftWindows
PidginPidgin Version2.4.3
   MicrosoftWindows
PidginPidgin Version2.5.0
   MicrosoftWindows
PidginPidgin Version2.5.1
   MicrosoftWindows
PidginPidgin Version2.5.2
   MicrosoftWindows
PidginPidgin Version2.5.3
   MicrosoftWindows
PidginPidgin Version2.5.4
   MicrosoftWindows
PidginPidgin Version2.5.5
   MicrosoftWindows
PidginPidgin Version2.5.6
   MicrosoftWindows
PidginPidgin Version2.5.7
   MicrosoftWindows
PidginPidgin Version2.5.8
   MicrosoftWindows
PidginPidgin Version2.5.9
   MicrosoftWindows
PidginPidgin Version2.6.0
   MicrosoftWindows
PidginPidgin Version2.6.1
   MicrosoftWindows
PidginPidgin Version2.6.2
   MicrosoftWindows
PidginPidgin Version2.6.4
   MicrosoftWindows
PidginPidgin Version2.6.5
   MicrosoftWindows
PidginPidgin Version2.6.6
   MicrosoftWindows
PidginPidgin Version2.7.0
   MicrosoftWindows
PidginPidgin Version2.7.1
   MicrosoftWindows
PidginPidgin Version2.7.2
   MicrosoftWindows
PidginPidgin Version2.7.3
   MicrosoftWindows
PidginPidgin Version2.7.4
   MicrosoftWindows
PidginPidgin Version2.7.5
   MicrosoftWindows
PidginPidgin Version2.7.6
   MicrosoftWindows
PidginPidgin Version2.7.7
   MicrosoftWindows
PidginPidgin Version2.7.8
   MicrosoftWindows
PidginPidgin Version2.7.9
   MicrosoftWindows
PidginPidgin Version2.7.10
   MicrosoftWindows
PidginPidgin Version2.7.11
   MicrosoftWindows
PidginPidgin Version2.8.0
   MicrosoftWindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.79% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/45663
Vendor Advisory
http://securitytracker.com/id?1025961
http://www.securityfocus.com/bid/49268
http://www.openwall.com/lists/oss-security/2011/08/22/10
http://www.openwall.com/lists/oss-security/2011/08/22/12
http://www.openwall.com/lists/oss-security/2011/08/22/7
http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55362055a81/with/5749f9193063800d27bef75c2388f6f9cc2f7f37/pidgin/gtkutils.c
Patch
http://developer.pidgin.im/viewmtn/revision/info/5749f9193063800d27bef75c2388f6f9cc2f7f37
Patch
http://pidgin.im/news/security/?id=55
Patch
Vendor Advisory
http://www.insomniasec.com/advisories/ISVA-110822.1.htm
http://www.openwall.com/lists/oss-security/2011/08/22/
http://www.securityfocus.com/archive/1/519391/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/69342
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18324