CVE-2009-2694

Adium < 1.3.5 and Pidgin < 2.5.8 - Remote Code Execution via Crafted MSNSLP Messages

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2694. PoCs published by Pierre Nogues.

AI-analyzed exploit summary This exploit targets a memory corruption vulnerability in Pidgin's MSN protocol handling (CVE-2009-1376). It crafts a malicious MsnSlp packet to overwrite stack memory and execute arbitrary shellcode (calc.exe) via a buffer overflow.

Description

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Pierre Nogues · remotewindows
https://www.exploit-db.com/exploits/9615

This exploit targets a memory corruption vulnerability in Pidgin's MSN protocol handling (CVE-2009-1376). It crafts a malicious MsnSlp packet to overwrite stack memory and execute arbitrary shellcode (calc.exe) via a buffer overflow.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Pidgin <= 2.5.8 (libmsn)
Auth required
Prerequisites: Valid MSN credentials for attacker and target · Target must accept the exploit's MSN contact request
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (19)

Core 19
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=514957
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2303
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36392
Vendor Advisory x_refsource_confirm
http://www.pidgin.im/news/security/?id=34
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36402
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36384
Patch vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1870
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37071
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36708
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2663
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36401
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9615
Third Party Advisory x_refsource_confirm
http://developer.pidgin.im/wiki/ChangeLog
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1218.html

Scores

EPSS 0.2029
EPSS Percentile 97.1%

Details

CWE
CWE-399
Status published
Products (29)
adium/adium 1.2.7
adium/adium 1.3
adium/adium 1.3.1
adium/adium 1.3.2
adium/adium 1.3.3
adium/adium 1.3.4
adium/adium < 1.3.5
pidgin/pidgin 2.0.0
pidgin/pidgin 2.0.1
pidgin/pidgin 2.0.2
... and 19 more
Published Aug 21, 2009
Tracked Since Feb 18, 2026