Friday, August 31, 2007

MSN Messenger vulnerable to ‘highly critical’ webcam flaw

Exploit code for a “highly critical” vulnerability in MSN Messenger has been posted to a Chinese-language forum, prompting Microsoft to urge all users to immediately migrate to Windows Live Messenger 8.1.

The exploit, available here, is caused by an error in the handling of video conversations and can be exploited to cause a heap-based buffer overflow via specially crafted data sent to a user.

Secunia warns that successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Webcam invitation.

“This is under investigation,” a Microsoft spokesman said.

“Our investigation so far shows that the latest version, Windows Live Messenger 8.1, is not vulnerable to this issue,” he added, urging Windows Live Messenger 8.0 users to upgrade to Messenger 8.1.

More @ ZDNet

0 Comments: