CVE-2013-6486 — Improper Input Validation in Pidgin

CWE-20 — Improper Input Validation7 documents4 sources

Severity

9.3CRITICALNVD

EPSS

1.3%

top 20.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedFeb 6

Latest updateMay 17

Description

gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDpidgin/pidgin2.10.7+52

▶debiandebian/pidgin

🔴Vulnerability Details

GHSA

GHSA-vrrf-4f63-4j27: gtkutils↗2022-05-17

▶

📋Vendor Advisories

Debian

CVE-2013-6486: pidgin - gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attack...↗2013

▶

🕵️Threat Intelligence

Talos

Four vulnerabilities in Pidgin↗2014-01-28

▶

Talos

Four vulnerabilities in Pidgin↗2014-01-28

▶

Talos

VRT-2013-1003 (CVE-2013-6486): Pidgin uses clickable links to untrusted executables↗2014-01-28

▶

Talos

VRT-2013-1003 (CVE-2013-6486): Pidgin uses clickable links to untrusted executables↗2014-01-28

▶