Vulnerability Description
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
CVSS Score
9.3
HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows | All versions |
| Pidgin | Pidgin | <= 2.9.0 |
Related Weaknesses (CWE)
References
- http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55Patch
- http://developer.pidgin.im/viewmtn/revision/info/5749f9193063800d27bef75c2388f6fPatch
- http://pidgin.im/news/security/?id=55PatchVendor Advisory
- http://secunia.com/advisories/45663Vendor Advisory
- http://securitytracker.com/id?1025961
- http://www.insomniasec.com/advisories/ISVA-110822.1.htm
- http://www.openwall.com/lists/oss-security/2011/08/22/
- http://www.openwall.com/lists/oss-security/2011/08/22/10
- http://www.openwall.com/lists/oss-security/2011/08/22/12
- http://www.openwall.com/lists/oss-security/2011/08/22/7
- http://www.securityfocus.com/archive/1/519391/100/0/threaded
- http://www.securityfocus.com/bid/49268
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69342
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55Patch
FAQ
What is CVE-2011-3185?
CVE-2011-3185 is a vulnerability with a CVSS score of 9.3 (HIGH). gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
How severe is CVE-2011-3185?
CVE-2011-3185 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3185?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows, Pidgin Pidgin.