Description
The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows:
- remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit,
- remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or
- malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.
Mitigation
The IRC protocol plugin was modified to escape appropriate messages passed to the Gaim core.
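The kind of escaping described above, as an added example that is not Gaim's own code: network-supplied fields are markup-escaped before being formatted into the string handed to the UI. The names escape_markup and format_kick_notice and the message text are hypothetical; escape_markup stands in for a library escaper such as GLib's g_markup_escape_text.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape the five characters that are significant in Pango/HTML-style markup.
 * Returns a malloc'd string the caller frees, or NULL on allocation failure.
 * Input is assumed to be a single IRC line, so n * 6 cannot overflow. */
char *escape_markup(const char *in)
{
    size_t n = strlen(in);
    char *out = malloc(n * 6 + 1);   /* worst case: every byte -> "&quot;" */
    char *p = out;
    if (!out)
        return NULL;
    for (; *in; in++) {
        const char *rep = NULL;
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        if (rep) {
            size_t len = strlen(rep);
            memcpy(p, rep, len);
            p += len;
        } else {
            *p++ = *in;
        }
    }
    *p = '\0';
    return out;
}

/* Hypothetical stand-in for a message handler: builds the markup string
 * passed to the UI. Both nick and reason arrive from the network, so both
 * are escaped; only the fixed template text is trusted. */
char *format_kick_notice(const char *nick, const char *reason)
{
    char *n = escape_markup(nick);
    char *r = escape_markup(reason);
    char *msg = NULL;
    if (n && r) {
        size_t len = strlen(n) + strlen(r) + 64;
        msg = malloc(len);
        if (msg)
            snprintf(msg, len, "You have been kicked by %s: (%s)", n, r);
    }
    free(n);
    free(r);
    return msg;
}
```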