Pidgin OTR < 3.2.1 Format String

Severity: High, Nessus Plugin ID 59195

Synopsis

The remote host has an application installed that is affected by a remote format string vulnerability.

Description

The version of Pidgin OTR (Off-the-Record) installed on the remote Windows host is prior to 3.2.1 and is, therefore, affected by a format string vulnerability that could allow a remote attacker to execute arbitrary code on the affected host.

Solution

Upgrade to Pidgin OTR 3.2.1 or higher.

See Also

https://otr.cypherpunks.ca/index.php#news

https://seclists.org/oss-sec/2012/q2/335

Plugin Details

Severity: High

ID: 59195

File Name: pidgin_otr_3_2_1.nasl

Version: 1.9

Type: local

Agent: windows

Family: Windows

Published: 5/18/2012

Updated: 12/4/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2012-2369

Vulnerability Information

CPE: cpe:/a:otr:pidgin-otr

Required KB Items: SMB/Pidgin_OTR/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 5/16/2012

Vulnerability Publication Date: 5/16/2012

Reference Information

CVE: CVE-2012-2369

BID: 53557