CVE-2010-0013
HIGH
Adium and Pidgin - Path Traversal via MSN Emoticon Request
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-0013. PoCs published by Mathieu GASPARD.
AI-analyzed exploit summary
This Python script exploits CVE-2010-0013, a directory traversal vulnerability in Pidgin's MSN protocol handler, allowing arbitrary file disclosure from a victim's system. It uses the pymsn library to authenticate and send a crafted emoticon request to trigger the vulnerability.
Description
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
Exploits (1)
References (24)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N