{"vuid":"VU#523888","idnumber":"523888","name":"Gaim vulnerable to HTML processing denial of service","keywords":["Gaim","DoS","denial of service","HTML"],"overview":"Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition.","clean_desc":"From the Gaim project: Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks Gaim is susceptible to receiving a malformed HTML message which may result in an invalid memory access.","impact":"A remote attacker can cause Gaim to crash, causing a denial of service condition.","resolution":"Apply an update\nThis flaw has been fixed in Gaim 1.1.3, along with other potential security vulnerabilities. All users may download an update at the Gaim Downloads page.","workarounds":"As a best practice and potential workaround, users should not accept unexpected messages from unknown sources.","sysaffected":"","thanks":"Thanks to the Gaim project for reporting this vulnerability.","author":"This document was written by Ken MacInnis based primarily on information from the Gaim project.","public":["http://secunia.com/advisories/14322/","http://gaim.sourceforge.net/security/index.php?id=11"],"cveids":["CVE-2005-0473"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-02-18T16:28:51Z","publicdate":"2005-02-17T00:00:00Z","datefirstpublished":"2005-02-21T21:41:47Z","dateupdated":"2005-02-21T21:41:53Z","revision":13,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"8","cam_impact":"3","cam_easeofexploitation":"10","cam_attackeraccessrequired":"15","cam_scorecurrent":"1.2825","cam_scorecurrentwidelyknown":"1.62","cam_scorecurrentwidelyknownexploited":"2.97","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.2825,"vulnote":null}