CVE-2013-6486

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.10.8

Description The issue allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. This vulnerability exists due to an incomplete fix.

Recommendations For versions prior to 2.10.8, update to version 2.10.8 or later to resolve the issue. As a temporary workaround, consider restricting the handling of file: URL messages to minimize the risk of exploitation.