The host is installed with Pidgin and is prone to directory traversal vulnerability. A flaw is present in slp.c in the MSN protocol plugin in libpurple, which fails to handle .. (dot dot) sequence in an application/x-msnmsgrp2p MSN emoticon. Successful exploitation could allow remote attackers to obtain sensitive information.