The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote malicious users to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote malicious users to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rob flynn gaim 1.2.0 |