summary: MSN emoticon denial of service
discoveredBy: Pierre Noguès of Meta Security
A vulnerability was discovered in libpurple's MSN protocol plugin that can cause
a denial of service (crash) due to insufficient validation of certain SLP
packets related to custom emoticons. An attacker could use this vulnerability to
remotely crash a client using libpurple for MSN. It is not possible for this
vulnerability to be exploited for code execution. As a workaround, disabling
custom emoticons on MSN accounts will prevent the vulnerability.
Validation has been added to the MSN plugin to prevent the crash.