cpe:/a:adium:adium:1.0 cpe:/a:adium:adium:1.0.1 cpe:/a:adium:adium:1.0.2 cpe:/a:adium:adium:1.0.3 cpe:/a:adium:adium:1.0.4 cpe:/a:adium:adium:1.0.5 cpe:/a:adium:adium:1.1 cpe:/a:adium:adium:1.1.1 cpe:/a:adium:adium:1.1.2 cpe:/a:adium:adium:1.1.3 cpe:/a:adium:adium:1.1.4 cpe:/a:adium:adium:1.2.7 cpe:/a:pidgin:pidgin:2.0.0 cpe:/a:pidgin:pidgin:2.0.1 cpe:/a:pidgin:pidgin:2.0.2 cpe:/a:pidgin:pidgin:2.1.0 cpe:/a:pidgin:pidgin:2.1.1 cpe:/a:pidgin:pidgin:2.2.0 cpe:/a:pidgin:pidgin:2.2.1 cpe:/a:pidgin:pidgin:2.2.2 cpe:/a:pidgin:pidgin:2.3.0 cpe:/a:pidgin:pidgin:2.3.1 cpe:/a:pidgin:pidgin:2.4.0 cpe:/a:pidgin:pidgin:2.4.1 cpe:/a:pidgin:pidgin:2.4.2 CVE-2008-2927 2008-07-07T19:41:00.000-04:00 2017-09-28T21:31:24.990-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-07-08T14:34:00.000-04:00 ALLOWS_OTHER_ACCESS SECTRACK 1020451 BUGTRAQ 20080625 Pidgin 2.4.1 Vulnerability BUGTRAQ 20080806 rPSA-2008-0246-1 gaim BUGTRAQ 20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability BID 29956 SECUNIA 30971 SECUNIA 31016 SECUNIA 31105 SECUNIA 31387 SECUNIA 31642 SECUNIA 32859 SECUNIA 32861 VUPEN ADV-2008-2032 DEBIAN DSA-1610 MANDRIVA MDVSA-2008:143 MANDRIVA MDVSA-2009:127 REDHAT RHSA-2008:0584 UBUNTU USN-675-1 UBUNTU USN-675-2 MLIST [oss-security] 20080703 Re: Re: CVE Request (pidgin) MLIST [oss-security] 20080704 Re: Re: CVE Request (pidgin) XF adium-msnprotocol-code-execution(44774) CONFIRM http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c CONFIRM http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246 CONFIRM http://www.pidgin.im/news/security/?id=25 MISC http://www.zerodayinitiative.com/advisories/ZDI-08-054 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=453764 CONFIRM https://issues.rpath.com/browse/RPL-2647 Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.