IMFreedom Security

Description

The MSN protocol plugin extracts the filename of a custom emoticon from an incoming request and uploads that file without correlating the filename to a valid custom emoticon.

Mitigation

Validate the custom emoticon requested is valid before uploading its file data.