Microsoft

Security flaw hits MSN Messenger

Vulnerability puts users at risk of arbitrary code execution

Written by Shaun Nichols in California

vnunet.com, 29 Aug 2007

A newly reported vulnerability could put the security of MSN Messenger users at risk.

The flaw lies in MSN Messenger's video chat component and could allow an attacker to remotely execute code on a user's system. The vulnerability does not affect the latest version of the application, now known as Windows Live Messenger 8.1.

An attacker could exploit the flaw by injecting specially-crafted code into a video chat invitation.

On accepting the invitation, the user would experience a buffer overflow, which could in turn cause an application crash and allow the attacker to execute malicious code.

Discovery of the vulnerability is credited to a researcher known as 'Wushi'.

Security firm Secunia rated the vulnerability as 'highly critical', the second highest of its five alert levels.

A Microsoft spokesperson said that the company is investigating the flaw. Microsoft and Secunia recommend that users upgrade to Windows Live Messenger 8.1.

Secunia also recommended that users who have not upgraded should avoid unsolicited video chat invites.

A similar flaw was reported two weeks ago in Yahoo Messenger which could allow an attacker to execute malicious code through a specially crafted chat invite.

See also:

reader comments

related articles

 
Security

OpenOffice users urged to apply security fixes

Patches address a pair of critical flaws 31 Oct 2008

Security

Microsoft warns of new Word attacks

Remote code flaw being exploited 10 Jul 2008

Security

Microsoft issues 'critical' security alert

Attack targets server component in Windows and Windows Server 24 Oct 2008

latest news

Civica wins Harrow Council contract

LAR beats tough competition through Catalist tender to revamp council's parking system 09 Jan 2009

Novell to shuffle EMEA executive pack

Linux vendor shifts partner programme responsibilities to marketing organisation 09 Jan 2009

Ballmer highlights aims for New Year

Ballmer announces Windows 7 beta and future alliances designed to improve information sharing 08 Jan 2009

More news

poll

Challenging times ahead?

Challenging times ahead?

Do you think there will be a lot of channel job cuts in 2009?

Previous poll results

Paul Anderson, Trend Micro

Vendor Q&A: Paul Anderson, Trend Micro

During this Q&A session Paul Anderson, UK country manager of Trend Micro talks about the changing threat landscape and how Trend is working with resellers in 2009

Sara Yirrell and Rick Wallis

Vendor Q&A: Rick Wallis, NEC Computers

In this exclusive vendor Q&A, Rick Wallis, UK sales director at NEC Computers talks to CRN editor Sara Yirrell about his firm’s plans for the channel.

More CRN TV

events

Channel Expo 2009 logo

Channel Expo 2009

The UK's top reseller exhibition will return to the NEC on 20 May 2009

CRN Fight Night 2009

The channel's only white-collar boxing event is back

More Events

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Advertisement

White papers

Search white papers

Top categories

Primary Navigation