Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-6486

gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185.

Related bugs and status

CVE-2013-6486 (Candidate) is related to these bugs:

Bug #1275113: Update to 2.10.9

Summary				In	Importance	Status
	1275113	Update to 2.10.9		pidgin (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://hg.pidgin.im/pi...
CONFIRM: http://pidgin.im/news/...
BID: 65189
SUSE: openSUSE-SU-2014:0239
SUSE: openSUSE-SU-2014:0326