Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of "AUX:" sent twice, or (2) write to the LPT1 port via a filename of "LPT1:".
Gadu-Gadu contains a flaw that may allow a remote denial of service. The issue is triggered when MS-DOS device names ("LPT:", "AUX:") are used as filenames for image processing, and will result in loss of availability for the service.
Upgrade to version 7.0 (build 22) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
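For developers handling peer-supplied filenames, the missing check looks like the following. This is an added example, not code from Gadu-Gadu or its fix; the function names are hypothetical, and it covers the whole family of reserved DOS device names rather than only the two named above.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive compare of the first n bytes of s against an upper-case word. */
static int stem_equals(const char *s, size_t n, const char *word)
{
    if (strlen(word) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (toupper((unsigned char)s[i]) != word[i]) return 0;
    return 1;
}

/* 1 if the stem (name up to the first '.', trailing spaces dropped) is a DOS device. */
static int is_dos_device_stem(const char *name)
{
    static const char *const fixed[] = { "CON", "PRN", "AUX", "NUL" };
    size_t n = strcspn(name, ".");
    while (n > 0 && name[n - 1] == ' ') n--;
    for (size_t i = 0; i < sizeof fixed / sizeof fixed[0]; i++)
        if (stem_equals(name, n, fixed[i])) return 1;
    /* COM0-COM9 and LPT0-LPT9; digit 0 is included as a conservative choice. */
    if (n == 4 && isdigit((unsigned char)name[3]))
        return stem_equals(name, 3, "COM") || stem_equals(name, 3, "LPT");
    return 0;
}

/* Hypothetical helper: 1 if a peer-supplied image name may be used as a local file name. */
int image_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0') return 0;
    for (const char *p = name; *p; p++) {
        unsigned char c = (unsigned char)*p;
        /* ':' covers "AUX:" and "LPT1:"; separators keep the name to one component. */
        if (c < 0x20 || c == ':' || c == '/' || c == '\\') return 0;
    }
    return !is_dos_device_stem(name);
}

int main(void)
{
    /* Constructed sample names, including the two from the advisory. */
    const char *samples[] = { "photo.jpg", "AUX:", "LPT1:", "aux.jpg", "auxiliary.png" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s %s\n", samples[i], image_name_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The stem check matters because a device name followed by an extension, such as `aux.jpg`, is still resolved to the device by the legacy DOS name rules.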