A vulnerability in MSN Messenger poses a severe risk of compromise for users of older versions of the software who accept untrusted web cam sessions.
Security bugs involving the handling of video conversations (web cam streams) by some versions of Microsoft's chat client create a means for hackers to inject hostile code onto vulnerable systems. Hackers first need to trick potential marks into accepting an incoming Web Cam invitation, before launching specially malformed data streams.
The heap-based buffer overflow vulnerability affects MSN Messenger version 7 and below. No immediate patch is available for older versions of MSN Messenger. Exploit code for this vulnerability is publicly available, security clearing house CERT warns, a factor that makes launching an attack far more straightforward.
Users are encouraged to upgrade to Windows Live Messenger 8.1 or later, which is immune from the vulnerability. ®