In association with heise online

28 August 2007, 18:49

Danger for users of MSN Messenger

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

After a 0-day bug in Yahoo Messenger two weeks ago, this time the target is Microsoft's MSN Messenger. According to security service provider Secunia a malformed video data stream can trigger a buffer overflow in Microsoft’s Messenger which leads to the execution of injected arbitrary code. To exploit this vulnerability, the potential victim must accept an invitation to participate in a webcam session.

A demo program that exploits this bug has been made available on a chinese web site. Secunia rates this issue as "highly critical" and warns that it affects versions 6.x and 7.x of MSN Messenger. So far, there is neither a confirmation nor an update from Microsoft. Users of the software are advised to update quickly to the current version 8.1 of the program, which has been renamed Windows Live Messenger. If they use older versions, users should not accept any invitations to webcam sessions.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit