Core Security Technologies Advisory – A remote arbitrary-code-execution vulnerability has been found in Libpurple (used by Pidgin and Adium instant messaging clients, among others), which can be triggered by a remote attacker by sending a specially crafted MSNSLP packet with invalid data to the client through the MSN server. No victim interaction is required, and the attacker is not required to be in the victim’s buddy list (under default configuration). Libpurple versions 2.5.8 and below are affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/80492/CORE-2009-0727.txt
Source: https://packetstormsecurity.com/files/80492/Core-Security-Technologies-Advisory-2009.0727.html