| Summary | MSN file download vulnerability |
|---|---|
| Date | 2010-01-08 |
| CVE Number | CVE-2010-0013 |
| Discovered By | Fabian Yamaguchi |
| Fixed In Release | 2.6.5 |
The MSN protocol plugin extracts the filename of a custom emoticon from an incoming request and uploads that file without correlating the filename to a valid custom emoticon.
Validate the custom emoticon requested is valid before uploading its file data.