Lucene search

[email protected]CVE-2013-6486

HistoryFeb 06, 2014 - 4:10 p.m.

CVE-2013-6486

2014-02-0616:10:58

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-6486

pidgin

windows

remote code execution

url handling

vulnerability

7.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.9%

JSON

gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185.

Affected configurations

NVD

Node

pidginpidginRange≤2.10.7

pidginpidginMatch2.0.0

pidginpidginMatch2.0.1

pidginpidginMatch2.0.2

pidginpidginMatch2.1.0

pidginpidginMatch2.1.1

pidginpidginMatch2.2.0

pidginpidginMatch2.2.1

pidginpidginMatch2.2.2

pidginpidginMatch2.3.0

pidginpidginMatch2.3.1

pidginpidginMatch2.4.0

pidginpidginMatch2.4.1

pidginpidginMatch2.4.2

pidginpidginMatch2.4.3

pidginpidginMatch2.5.0

pidginpidginMatch2.5.1

pidginpidginMatch2.5.2

pidginpidginMatch2.5.3

pidginpidginMatch2.5.4

pidginpidginMatch2.5.5

pidginpidginMatch2.5.6

pidginpidginMatch2.5.7

pidginpidginMatch2.5.8

pidginpidginMatch2.5.9

pidginpidginMatch2.6.0

pidginpidginMatch2.6.1

pidginpidginMatch2.6.2

pidginpidginMatch2.6.3

pidginpidginMatch2.6.4

pidginpidginMatch2.6.5

pidginpidginMatch2.6.6

pidginpidginMatch2.7.0

pidginpidginMatch2.7.1

pidginpidginMatch2.7.2

pidginpidginMatch2.7.3

pidginpidginMatch2.7.4

pidginpidginMatch2.7.5

pidginpidginMatch2.7.6

pidginpidginMatch2.7.7

pidginpidginMatch2.7.8

pidginpidginMatch2.7.9

pidginpidginMatch2.7.10

pidginpidginMatch2.7.11

pidginpidginMatch2.8.0

pidginpidginMatch2.9.0

pidginpidginMatch2.10.0

pidginpidginMatch2.10.1

pidginpidginMatch2.10.2

pidginpidginMatch2.10.3

pidginpidginMatch2.10.4

pidginpidginMatch2.10.5

pidginpidginMatch2.10.6

CPENameOperatorVersion
pidgin:pidginpidginle2.10.7
pidgin:pidginpidgineq2.0.0
pidgin:pidginpidgineq2.0.1
pidgin:pidginpidgineq2.0.2
pidgin:pidginpidgineq2.1.0
pidgin:pidginpidgineq2.1.1
pidgin:pidginpidgineq2.2.0
pidgin:pidginpidgineq2.2.1
pidgin:pidginpidgineq2.2.2
pidgin:pidginpidgineq2.3.0

CPE	Name	Operator	Version
pidgin:pidgin	pidgin	le	2.10.7
pidgin:pidgin	pidgin	eq	2.0.0
pidgin:pidgin	pidgin	eq	2.0.1
pidgin:pidgin	pidgin	eq	2.0.2
pidgin:pidgin	pidgin	eq	2.1.0
pidgin:pidgin	pidgin	eq	2.1.1
pidgin:pidgin	pidgin	eq	2.2.0
pidgin:pidgin	pidgin	eq	2.2.1
pidgin:pidgin	pidgin	eq	2.2.2
pidgin:pidgin	pidgin	eq	2.3.0