Vulnerabilities > CVE-2010-0277 - Resource Management Errors vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0115.NASL description Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way Pidgin last seen 2020-06-01 modified 2020-06-02 plugin id 44666 published 2010-02-19 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44666 title RHEL 4 / 5 : pidgin (RHSA-2010:0115) NASL family SuSE Local Security Checks NASL id SUSE_11_1_FINCH-100219.NASL description This update of pidgin fixes various security vulnerabilities - CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22) Remote file disclosure vulnerability by using the MSN protocol. - CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. - CVE-2010-0420 Same nick names in XMPP MUC lead to a crash in finch. - CVE-2010-0423 A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it. last seen 2020-06-01 modified 2020-06-02 plugin id 44979 published 2010-03-04 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44979 title openSUSE Security Update : finch (finch-2032) NASL family Scientific Linux Local Security Checks NASL id SL_20100218_PIDGIN_ON_SL4_X.NASL description CVE-2010-0277 pidgin MSN protocol plugin memory corruption CVE-2010-0420 pidgin: Finch XMPP MUC Crash CVE-2010-0423 pidgin: Smiley Denial of Service An input sanitization flaw was found in the way Pidgin last seen 2020-06-01 modified 2020-06-02 plugin id 60738 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60738 title Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64 NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2010-069-01.NASL description New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix denial of service issues. last seen 2020-06-01 modified 2020-06-02 plugin id 45024 published 2010-03-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45024 title Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : pidgin (SSA:2010-069-01) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A2C4D3D54C7B11DF83FB0015587E2CC1.NASL description Three denial of service vulnerabilities where found in pidgin and allow remote attackers to crash the application. The developers summarized these problems as follows : Pidgin can become unresponsive when displaying large numbers of smileys Certain nicknames in group chat rooms can trigger a crash in Finch Failure to validate all fields of an incoming message can trigger a crash last seen 2020-06-01 modified 2020-06-02 plugin id 45585 published 2010-04-21 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45585 title FreeBSD : pidgin -- multiple remote denial of service vulnerabilities (a2c4d3d5-4c7b-11df-83fb-0015587e2cc1) NASL family SuSE Local Security Checks NASL id SUSE_11_2_FINCH-100219.NASL description This update of pidgin fixes various security vulnerabilities - CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22) Remote file disclosure vulnerability by using the MSN protocol. - CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. - CVE-2010-0420 Same nick names in XMPP MUC lead to a crash in finch. - CVE-2010-0423 A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it. last seen 2020-06-01 modified 2020-06-02 plugin id 44982 published 2010-03-04 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44982 title openSUSE Security Update : finch (finch-2032) NASL family Fedora Local Security Checks NASL id FEDORA_2010-1279.NASL description 2.6.6 with security and numerous minor bug fixes CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47244 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47244 title Fedora 11 : pidgin-2.6.6-1.fc11 (2010-1279) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-902-1.NASL description Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0277) Sadrul Habib Chowdhury discovered that Pidgin incorrectly handled certain nicknames in Finch group chat rooms. A remote attacker could use a specially crafted nickname and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0420) Antti Hayrynen discovered that Pidgin incorrectly handled large numbers of smileys. A remote attacker could send a specially crafted message and cause Pidgin to become unresponsive, leading to a denial of service. (CVE-2010-0423). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 44688 published 2010-02-23 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44688 title Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : pidgin vulnerabilities (USN-902-1) NASL family SuSE Local Security Checks NASL id SUSE_11_FINCH-100219.NASL description This update of pidgin fixes various security vulnerabilities : - Remote file disclosure vulnerability by using the MSN protocol. (CVE-2010-0013: CVSS v2 Base Score: 4.3 : Path Traversal (CWE-22)) - MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. (CVE-2010-0277: CVSS v2 Base Score: 4.9 : Resource Management Errors (CWE-399)) - Same nick names in XMPP MUC lead to a crash in finch. (CVE-2010-0420) - A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it. (CVE-2010-0423) last seen 2020-06-01 modified 2020-06-02 plugin id 44965 published 2010-03-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44965 title SuSE 11 Security Update : pidgin (SAT Patch Number 2019) NASL family Fedora Local Security Checks NASL id FEDORA_2010-1383.NASL description 2.6.6 with security and numerous minor bug fixes CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47252 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47252 title Fedora 12 : pidgin-2.6.6-1.fc12 (2010-1383) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-041.NASL description Multiple security vulnerabilities has been identified and fixed in pidgin : Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly (CVE-2010-0277). In a user in a multi-user chat room has a nickname containing last seen 2020-06-01 modified 2020-06-02 plugin id 44664 published 2010-02-19 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44664 title Mandriva Linux Security Advisory : pidgin (MDVSA-2010:041) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_143318-03.NASL description GNOME 2.6.0_x86: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10 last seen 2020-06-01 modified 2020-06-02 plugin id 108035 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108035 title Solaris 10 (x86) : 143318-03 NASL family Solaris Local Security Checks NASL id SOLARIS10_143317.NASL description GNOME 2.6.0: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10 This plugin has been deprecated and either replaced with individual 143317 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 71656 published 2013-12-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=71656 title Solaris 10 (sparc) : 143317-03 (deprecated) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0115.NASL description Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way Pidgin last seen 2020-06-01 modified 2020-06-02 plugin id 44671 published 2010-02-22 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44671 title CentOS 4 / 5 : pidgin (CESA-2010:0115) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_143318.NASL description GNOME 2.6.0_x86: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10 This plugin has been deprecated and either replaced with individual 143318 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 71703 published 2013-12-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=71703 title Solaris 10 (x86) : 143318-03 (deprecated) NASL family SuSE Local Security Checks NASL id SUSE_FINCH-6861.NASL description This update of pidgin fixes various security vulnerabilities : - Remote file disclosure vulnerability by using the MSN protocol. CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. CVE-2010-0420: Same nick names in XMPP MUC lead to a crash in finch. CVE-2010-0423: A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it. (CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22)) last seen 2020-06-01 modified 2020-06-02 plugin id 51728 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51728 title SuSE 10 Security Update : pidgin (ZYPP Patch Number 6861) NASL family SuSE Local Security Checks NASL id SUSE_FINCH-6856.NASL description This update of pidgin fixes various security vulnerabilities : - Remote file disclosure vulnerability by using the MSN protocol. CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. CVE-2010-0420: Same nick names in XMPP MUC lead to a crash in finch. CVE-2010-0423: A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it. (CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22)) last seen 2020-06-01 modified 2020-06-02 plugin id 51727 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51727 title SuSE 10 Security Update : pidgin (ZYPP Patch Number 6856) NASL family SuSE Local Security Checks NASL id SUSE_11_0_FINCH-100219.NASL description This update of pidgin fixes various security vulnerabilities - CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22) Remote file disclosure vulnerability by using the MSN protocol. - CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. - CVE-2010-0420 Same nick names in XMPP MUC lead to a crash in finch. - CVE-2010-0423 A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it. last seen 2020-06-01 modified 2020-06-02 plugin id 44976 published 2010-03-04 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44976 title openSUSE Security Update : finch (finch-2032) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-085.NASL description Security vulnerabilities has been identified and fixed in pidgin : The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615). Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013). Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013). Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly (CVE-2010-0277). In a user in a multi-user chat room has a nickname containing last seen 2020-06-01 modified 2020-06-02 plugin id 46177 published 2010-04-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46177 title Mandriva Linux Security Advisory : pidgin (MDVSA-2010:085) NASL family Solaris Local Security Checks NASL id SOLARIS10_143317-03.NASL description GNOME 2.6.0: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107540 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107540 title Solaris 10 (sparc) : 143317-03 NASL family Fedora Local Security Checks NASL id FEDORA_2010-1934.NASL description 2.6.6 with security and numerous minor bug fixes CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47286 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47286 title Fedora 13 : pidgin-2.6.6-1.fc13 (2010-1934) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0115.NASL description From Red Hat Security Advisory 2010:0115 : Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way Pidgin last seen 2020-06-01 modified 2020-06-02 plugin id 68001 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68001 title Oracle Linux 4 : pidgin (ELSA-2010-0115)
Oval
accepted 2013-09-30T04:01:05.961-04:00 class vulnerability contributors name Shane Shaffer organization G2, Inc. definition_extensions comment Pidgin is installed oval oval:org.mitre.oval:def:12366 description slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013. family windows id oval:org.mitre.oval:def:18348 status accepted submitted 2013-08-16T15:36:10.221-04:00 title slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013 version 4 accepted 2013-04-29T04:19:18.591-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013. family unix id oval:org.mitre.oval:def:9421 status accepted submitted 2010-07-09T03:56:16-04:00 title slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013. version 27
Redhat
| advisories |
| ||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 38294 CVE ID: CVE-2010-0277,CVE-2010-0420,CVE-2010-0423 Pidgin是支持多种协议的即时通讯客户端。 Pidgin的MSN协议实现处理MSNSLP邀请的方式存在输入过滤漏洞,远程攻击者可以发送特制的INVITE请求导致拒绝服务(内存破坏和 Pidgin崩溃)。 Finch的XMPP聊天实现在使用多用户会话时存在拒绝服务漏洞。如果多用户聊天会话中的Finch用户要将昵称更改为包含有HTML br元素,就会导致Finch崩溃。 Pidgin处理表情符图形的方式存在拒绝服务漏洞。远程攻击者可以在相互通讯中向受害用户发送大量的表情符图形,导致过多的CPU使用率。 Pidgin < 2.6.6 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2010:0115-01)以及相应补丁: RHSA-2010:0115-01:Moderate: pidgin security update 链接:https://www.redhat.com/support/errata/RHSA-2010-0115.html Pidgin ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://developer.pidgin.im/wiki/ChangeLog |
| id | SSV:19202 |
| last seen | 2017-11-19 |
| modified | 2010-03-02 |
| published | 2010-03-02 |
| reporter | Root |
| title | Pidgin多个拒绝服务漏洞 |
Statements
| contributor | Tomas Hoger |
| lastmodified | 2010-02-22 |
| organization | Red Hat |
| statement | This issue was addressed for Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0115.html We currently have no plans to fix this flaw in Red Hat Enterprise Linux 3 as the MSN protocol support in the provided version of Pidgin (1.5.1) is out-dated and no longer supported by MSN servers. There are no plans to backport MSN protocol changes for that version of Pidgin. |
Related news
References
- http://www.openwall.com/lists/oss-security/2010/01/07/2
- http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
- http://secunia.com/advisories/38640
- http://www.securityfocus.com/bid/38294
- http://www.ubuntu.com/usn/USN-902-1
- http://secunia.com/advisories/38658
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html
- http://secunia.com/advisories/38563
- http://pidgin.im/news/security/?id=43
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:041
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html
- https://bugzilla.redhat.com/show_bug.cgi?id=554335
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html
- http://secunia.com/advisories/38712
- https://rhn.redhat.com/errata/RHSA-2010-0115.html
- http://www.vupen.com/english/advisories/2010/0413
- http://developer.pidgin.im/wiki/ChangeLog
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://secunia.com/advisories/38915
- http://www.vupen.com/english/advisories/2010/1020
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:085
- http://secunia.com/advisories/41868
- http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn
- http://www.vupen.com/english/advisories/2010/2693
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9421
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18348