Flaw found in MSN Messenger

Attackers could exploit a flaw in MSN Messenger to run malicious code on targeted machines, according to Danish vulnerability clearinghouse Secunia.

Attackers could exploit a flaw in MSN Messenger to run malicious code on targeted machines, according to Danish vulnerability clearinghouse Secunia.

The problem, discovered by a researcher who goes by the name Wushi, is an error in how the application handles video conversations. Attackers could exploit it to cause a heap-based buffer overflow via specially crafted data sent to a user."

"Successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Web Cam invitation," Secunia said in its SA26570 advisory after independently confirming the flaw. The vulnerability affects version 7.0, and no fixes are currently available. However, users could address the flaw by upgrading to Windows Live Messenger 8.1 or later, which is not affected by the vulnerability. Also, Secunia advised users not to accept untrusted Web Cam sessions.

This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close