CVE-2005-0966

Name of the Vulnerable Software and Affected Versions Gaim version 1.2.0

Description The issue allows remote attackers to inject arbitrary Gaim markup via certain functions, such as irc msg kick, irc msg mode, irc msg part, and irc msg quit. Additionally, it enables remote attackers to inject arbitrary Pango markup and display empty dialog boxes via irc msg invite. Malicious IRC servers can also cause a denial of service by injecting specific Pango markup into functions like irc msg badmode, irc msg banned, irc msg unknown, and irc msg nochan.

Recommendations For Gaim version 1.2.0, consider disabling the IRC protocol plugin as a temporary workaround until a patch is available. Restrict access to the irc msg kick, irc msg mode, irc msg part, irc msg quit, irc msg invite, irc msg badmode, irc msg banned, irc msg unknown, and irc msg nochan functions to minimize the risk of exploitation. Avoid using the affected functions in the IRC protocol plugin until the issue is resolved.