Title : Gaim URL Handling Remote Buffer Overflow Vulnerability VUPEN ID : VUPEN/ADV-2005-0519 CVE ID : CVE-2005-1261 - CVE-2005-1262 CWE ID : CWE-
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-05-11
Technical Description
Two vulnerabilities were identified in Gaim, which may be exploited by remote attackers to execute arbitrary commands or cause a denial of service. The first flaw is due to a stack overflow error that occurs when processing specially crafted URLs (longer than 8192 bytes), which may be exploited by remote attackers to compromise a vulnerable system. The second issue is due to a NULL pointer dereference when receiving a specially crafted MSN message, which may be exploited to cause the application to crash by sending an SLP message with an empty body.
