Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Potential MSN Messenger video conversation vulnerability InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Potential MSN Messenger video conversation vulnerability

Published: 2007-08-28
Last Updated: 2007-08-28 13:45:47 UTC
by Maarten Van Horenbeeck (Version: 1)
0 comment(s)

Secunia has reported an unfixed, unconfirmed remote code execution vulnerability in MSN Messenger’s Video Conversation functionality. An exploit appears to be available of which the description states it will cause a Denial-of-Service attack on MSN Messenger, and likely allows remote code execution on Win2k SP4 Chinese. If accurate, an offset change is likely all that is needed for this to work on other language releases.

According to the report, Windows Live Messenger 8.1 and higher are not affected. While Microsoft has not yet officially confirmed this vulnerability, we advise users not to accept untrusted video conversation sessions at this time. 

We'll keep you updated on this issue. Thanks to Juha-Matti for bringing it to our attention.

Keywords:
0 comment(s)
Diary Archives