Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26945
HistoryAug 30, 2011 - 12:00 a.m.

Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution

2011-08-3000:00:00
vulners.com
15

Insomnia Security Vulnerability Advisory: ISVA-110822.1


Name: Pidgin IM Insecure URL Handling Remote Code Execution
Reported: 21 July 2011

Vendor Link:
http://www.pidgin.im

Affected Products:
Pidgin Instant Messaging Client <= 2.9.0

Original Advisory:
http://www.insomniasec.com/advisories/ISVA-110822.1.htm

Researcher:
James Burton, Insomnia Security
http://www.insomniasec.com



Description


Pidgin is an open source instant messaging client that allows users
to log in to accounts on multiple chat networks simultaneously.

An insecure URL handling vulnerability exists in Pidgin <= 2.9.0
that can be exploited to cause remote code execution.

This vulnerability requires user interaction in the form of clicking
a malicious crafted URL.


Details


Pidgin supports the use of URL handlers in IM sessions. The Windows build
passes URLs directly to the ShellExecute API where they are executed under
the context of the user running the application.

When passed through a file:// URL a malicious executable can be hosted
and executed off a remote WEBDAV/SMB share.

This vulnerability requires user interaction in the form of clicking a
crafted URL but Pidgins Insert -> Link function gives the option of adding
a description which masks the underlying link.

This makes the task of social engineering the target a trivial one.

This vulnerability has only been confirmed over Google-Talk though
exploitation over other chat networks may be possible.


Solution


Upgrade to Pidgin 2.10.0 from http://www.pidgin.im/
The Pidgin changelog can be found http://developer.pidgin.im/wiki/ChangeLog


Legals


The information is provided for research and educational purposes
only. Insomnia Security accepts no liability in any form whatsoever
for any direct or indirect damages associated with the use of this
information.


Insomnia Security Vulnerability Advisory: ISVA-110822.1