MSN Messenger flaw creates web cam peril
PrintUpgrade or be own3d
Posted in Software & Security, 30th August 2007 10:12 GMT
Free whitepaper – Straight Talk with Dell: Sending out an SaaS
A vulnerability in MSN Messenger poses a severe risk of compromise for users of older versions of the software who accept untrusted web cam sessions.
Security bugs involving the handling of video conversations (web cam streams) by some versions of Microsoft's chat client create a means for hackers to inject hostile code onto vulnerable systems. Hackers first need to trick potential marks into accepting an incoming Web Cam invitation, before launching specially malformed data streams.
The heap-based buffer overflow vulnerability affects MSN Messenger version 7 and below. No immediate patch is available for older versions of MSN Messenger. Exploit code for this vulnerability is publicly available, security clearing house CERT warns, a factor that makes launching an attack far more straightforward.
Users are encouraged to upgrade to Windows Live Messenger 8.1 or later, which is immune from the vulnerability. ®
Free whitepaper – Managing desktop software for fun and profit
Enabling the Agile Data Center
Straight Talk with Dell: Sending out an SaaS
The business value of SIP VoIP and trunking
New storage architectures make SSDs more cost-effective
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs