MSN Messenger flaw creates web cam peril

By John Leyden → More by this author

30 Aug 2007 10:12

Upgrade or be own3d

A vulnerability in MSN Messenger poses a severe risk of compromise for users of older versions of the software who accept untrusted web cam sessions.

Security bugs involving the handling of video conversations (web cam streams) by some versions of Microsoft's chat client create a means for hackers to inject hostile code onto vulnerable systems. Hackers first need to trick potential marks into accepting an incoming Web Cam invitation, before launching specially malformed data streams.

The heap-based buffer overflow vulnerability affects MSN Messenger version 7 and below. No immediate patch is available for older versions of MSN Messenger. Exploit code for this vulnerability is publicly available, security clearing house CERT warns, a factor that makes launching an attack far more straightforward.

Users are encouraged to upgrade to Windows Live Messenger 8.1 or later, which is immune from the vulnerability. ®

8 comments posted — Comment period finished

hacked by day

Posted: 12:39 30th August 2007

Wont be hard really

Posted: 12:42 30th August 2007

Title

Posted: 18:50 30th August 2007

Oh Danny boy

Posted: 23:58 30th August 2007

daniel

Posted: 08:02 31st August 2007

More comments…

Track this type of story as a custom Atom/RSS feed or by email.

Microsoft to buy chinwag platform Parlano (30 August 2007)
Skype worm leaps onto MSN (24 May 2007)
Microsoft brings instant messaging to Xbox Live (10 April 2007)
MSN punts 'scareware' (21 February 2007)
Microsoft launches Windows Live package (13 December 2006)
Child protection extends to MSN (23 August 2006)
MSN Messenger worm seeds zombie networks (4 February 2005)

Top 20 stories All The Week’s Headlines

Whitepapers	Jobs
What Every E-Business Should Know about SSL Security and Consumer Trust Ten Cooling Solutions to Support High-Density Server Deployment [WP42] Accelerating Enterprise Data Governance A Blueprint for better management from the desktop to the data centre	We Are Still Hiring Experienced Perl Developers! mod_perl / OO / Internet Application Designer for a leading Bank Perl Developer Web developer for embedded Linux systems Perl/Linux Programmer for Telecom ASP

Breaking Hardware News

triangular warning sign featuring exclamation mark

San Jose decides it's 'Visual Computing Week'

And just where does that leave National Bowling Week?

The heat rising from San Jose isn't merely an effect of a convention center full of GTX 280 cards being flipped on at once. Nvidia's decision to host its inaugural computing conference, Nvision 08, this week in the company's home town has fanned the flames of passion inside city officials.

Get the ChannelReg newsletters

Related Whitepapers

Enabling the Data Center Metamorphosis
From Fixed To Fluid
Eliminating the Security Risk of Sending Confidential Information by Email
Email Encryption
Gartner Paper: US Data Centers - The Calm Before the Storm
How to handle future energy demands
Search Engine Link Spam
Risks, Threats, Solution
Solution Brief: Reduce Energy Costs
With Green IT Solutions
The Botnet Threat
Targeting Your Busines

Top Stories