cve-2004-0784-00

Description

To install a new smiley theme, a user can drag a tarball from a graphical file manager, or a hypertext link to one from a web browser. When a tarball is dragged, Gaim executes a shell command to untar it. However, it does not escape the filename before sending it to the shell. Thus, a specially crafted filename could execute arbitrary commands if the user could be convinced to drag a file into the smiley theme selector.

Mitigation

Filenames are now escaped using g_shell_quote().

Looking to reach us via XMPP? Check out the new PidginChat service!