Last Updated: 2007-08-28 13:45:47 UTC
by Maarten Van Horenbeeck (Version: 1)
Secunia has reported an unfixed, unconfirmed remote code execution vulnerability in MSN Messenger’s Video Conversation functionality. An exploit appears to be available of which the description states it will cause a Denial-of-Service attack on MSN Messenger, and likely allows remote code execution on Win2k SP4 Chinese. If accurate, an offset change is likely all that is needed for this to work on other language releases.
According to the report, Windows Live Messenger 8.1 and higher are not affected. While Microsoft has not yet officially confirmed this vulnerability, we advise users not to accept untrusted video conversation sessions at this time.
We'll keep you updated on this issue. Thanks to Juha-Matti for bringing it to our attention.