On CBS MoneyWatch: 5 Things You Should Buy at Walmart
BNET Business Network:
BNET
TechRepublic
ZDNet

August 28th, 2007

MSN Messenger vulnerable to 'highly critical' webcam flaw

Posted by Ryan Naraine @ 1:52 pm

Categories: Botnets, Browsers, Data theft, Exploit code, Hackers, Microsoft, Passwords, Patch Watch, Pen testing, Responsible disclosure, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: MSN, Microsoft Windows Live Messenger, Webcam, MSN Messenger, Microsoft Windows Live, Microsoft Windows, Secunia, Flaw, Ryan Naraine

MSN Messenger vulnerable to ‘highly critical’ webcam flawExploit code for a “highly critical” vulnerability in MSN Messenger has been posted to a Chinese-language forum, prompting Microsoft to urge all users to immediately migrate to Windows Live Messenger 8.1.

The exploit, available here, is caused by an error in the handling of video conversations and can be exploited to cause a heap-based buffer overflow via specially crafted data sent to a user.

Secunia warns that successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Webcam invitation.

“This is under investigation,” a Microsoft spokesman said.

[ SEE: Beware of strange Yahoo Messenger webcam invites

“Our investigation so far shows that the latest version, Windows Live Messenger 8.1, is not vulnerable to this issue,” he added, urging Windows Live Messenger 8.0 users to upgrade to Messenger 8.1.

“We have encouraged customers to upgrade to Windows Live Messenger 8.1 beginning February 2007,” the spokesman said.

Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.

Windows Live Messenger is the successor to MSN Messenger, the popular text and video chatting tool offered by Redmond’s MSN division.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

  • Talkback
  • Most Recent of 14 Talkback(s)
RE: MSN Messenger vulnerable to 'highly critical' webcam flaw
Every time you start a conversation using the new version of MSN Messenger, Microsoft shares a porti... (Read the rest)
Posted by: yman25 Posted on: 09/20/08 You are currently: a Guest | | Terms of Use
What about those who don't have XP yet?  chrispy.page@... | 08/28/07
A patch is likely coming  PB_z | 08/28/07
A patch is likely coming  vegas21@... | 08/31/07
YIKES!!!!!!!  tpratt@... | 08/29/07
And your point is...?  Wolfie2K3 | 08/31/07
Hmm... This is pretty obvious...  Grayson Peddie | 08/28/07
Maybe I've become too cynical...  Landrue | 08/29/07
Vista has nothing to do with it.  Azriphale | 08/29/07
Maybe I've become too cynical...  vegas21@... | 08/31/07
Patch Already Out  itanalyst | 08/29/07
nothings a patch on Tux  CeciLinux | 08/29/07
ubuntu has flaws!  qmlscycrajg | 08/30/07
Windows in General  vegas21@... | 08/31/07
RE: MSN Messenger vulnerable to 'highly critical' webcam flaw  yman25 | 09/20/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement
Click Here

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here