Sécurité / Application
MSN file download vulnerability in Pidgin by Fabian Yamaguchi The MSN protocol plugin extracts the filename of a custom emoticon from an incoming request and uploads that file without correlating the filename to a valid custom emoticon. A remote user can download arbitrary files from a libpurple-based client.
Partager sur Twitter
Partager sur Digg
Partager sur MySpace
Fermer