posted on Tuesday, October 26, 2004 10:52 AM
by
demiliani
GAIM Vulnerability
A vulnerability has been reported in Gaim, the popular multi-protocol Instant Messaging client, which potentially can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to a boundary error within the handling of MSN SLP messages. This can be exploited to cause a buffer overflow by supplying a specially crafted sequence of MSN SLP messages. Successful exploitation may potentially allow execution of arbitrary code.
Two other bugs have also been reported, which can be exploited to crash the application when accepting file transfers and processing a malformed MSN SLP message.
Solution? Update to version 1.02 soon: http://gaim.sourceforge.net/downloads.php