CVE-2011-3185

gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/49268
http://www.openwall.com/lists/oss-security/2011/08/22/10
http://www.openwall.com/lists/oss-security/2011/08/22/7
http://pidgin.im/news/security/?id=55	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2011/08/22/
http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55362055a81/with/5749f9193063800d27bef75c2388f6f9cc2f7f37/pidgin/gtkutils.c	Patch
http://www.insomniasec.com/advisories/ISVA-110822.1.htm
http://www.openwall.com/lists/oss-security/2011/08/22/12
http://securitytracker.com/id?1025961
http://secunia.com/advisories/45663	Vendor Advisory
http://developer.pidgin.im/viewmtn/revision/info/5749f9193063800d27bef75c2388f6f9cc2f7f37	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/69342
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18324
http://www.securityfocus.com/archive/1/519391/100/0/threaded

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:pidgin:pidgin:2.0.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.1.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.4.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.4.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.5:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.6:::::::*
	cpe:2.3:a:pidgin:pidgin:2.6.4:::::::*
	cpe:2.3:a:pidgin:pidgin:2.6.5:::::::*
	cpe:2.3:a:pidgin:pidgin:2.7.6:::::::*
	cpe:2.3:a:pidgin:pidgin:2.7.7:::::::*
	cpe:2.3:a:pidgin:pidgin:2.2.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.9:::::::*
	cpe:2.3:a:pidgin:pidgin:2.7.5:::::::*
	cpe:2.3:a:pidgin:pidgin:2.7.4:::::::*
	cpe:2.3:a:pidgin:pidgin:2.6.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.7.11:::::::*
	cpe:2.3:a:pidgin:pidgin:2.7.10:::::::*
	cpe:2.3:a:pidgin:pidgin:2.0.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.7.3:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.4:::::::*
	cpe:2.3:a:pidgin:pidgin:2.2.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.3.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.8.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.0.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.3.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.4.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.6.2:::::::*
	cpe:2.3:a:pidgin:pidgin::::::::
	cpe:2.3:a:pidgin:pidgin:2.5.3:::::::*
	cpe:2.3:a:pidgin:pidgin:2.6.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.7.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.8:::::::*
	cpe:2.3:a:pidgin:pidgin:2.7.9:::::::*
	cpe:2.3:a:pidgin:pidgin:2.7.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.7:::::::*
	cpe:2.3:a:pidgin:pidgin:2.1.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.4.3:::::::*
	cpe:2.3:a:pidgin:pidgin:2.6.6:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.2.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.7.8:::::::*
	cpe:2.3:a:pidgin:pidgin:2.7.1:::::::*

Information

Published : 2011-08-29 10:55

Updated : 2018-10-09 12:33

NVD link : CVE-2011-3185

Mitre link : CVE-2011-3185

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

microsoft

windows

pidgin

pidgin

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/49268", "name": "49268", "tags": [], "refsource": "BID"}, {"url": "http://www.openwall.com/lists/oss-security/2011/08/22/10", "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2011/08/22/7", "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [], "refsource": "MLIST"}, {"url": "http://pidgin.im/news/security/?id=55", "name": "http://pidgin.im/news/security/?id=55", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2011/08/22/", "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [], "refsource": "MLIST"}, {"url": "http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55362055a81/with/5749f9193063800d27bef75c2388f6f9cc2f7f37/pidgin/gtkutils.c", "name": "http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55362055a81/with/5749f9193063800d27bef75c2388f6f9cc2f7f37/pidgin/gtkutils.c", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.insomniasec.com/advisories/ISVA-110822.1.htm", "name": "http://www.insomniasec.com/advisories/ISVA-110822.1.htm", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2011/08/22/12", "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", "tags": [], "refsource": "MLIST"}, {"url": "http://securitytracker.com/id?1025961", "name": "1025961", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/45663", "name": "45663", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://developer.pidgin.im/viewmtn/revision/info/5749f9193063800d27bef75c2388f6f9cc2f7f37", "name": "http://developer.pidgin.im/viewmtn/revision/info/5749f9193063800d27bef75c2388f6f9cc2f7f37", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69342", "name": "pidgin-uri-code-execution(69342)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18324", "name": "oval:org.mitre.oval:def:18324", "tags": [], "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/519391/100/0/threaded", "name": "20110822 Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-3185", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2011-08-29T17:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.7.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.9.0"}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.7.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.7.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-09T19:33Z"}

9.3 /10