Flaw found in MSN Messenger

By SearchSecurity.com Staff 29 Aug 2007 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Attackers could exploit a flaw in MSN Messenger to run malicious code on targeted machines, according to Danish vulnerability clearinghouse Secunia.

The problem, discovered by a researcher who goes by the name Wushi, is an error in how the application handles video conversations. Attackers could exploit it to cause a heap-based buffer overflow via specially crafted data sent to a user."

"Successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Web Cam invitation," Secunia said in its SA26570 advisory after independently confirming the flaw. The vulnerability affects version 7.0, and no fixes are currently available. However, users could address the flaw by upgrading to Windows Live Messenger 8.1 or later, which is not affected by the vulnerability. Also, Secunia advised users not to accept untrusted Web Cam sessions.

Sound Off! -   Be the first to post a message to Sound Off!

Tags: Secure IM,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us