MSN Messenger flaw can disclose user data


MSN Messenger flaw can disclose user data

A new flaw in Microsoft's MSN Messenger software could reveal users' names and email addresses as well as people on their "buddy list".

The flaw allows a Javascript program placed on a Web page visited by MSN Messenger users to capture a user's display name for the chat program, as well as the names of all their contacts. This could allow people's real names to be harvested by malicious Web sites, he said. If no display name is set in the program, the Javascript will obtain the user's e-mail address instead.

The flaw exploits a feature in MSN Instant Messenger, which notifies users when they have received new e-mail in their Hotmail accounts.

Though Microsoft is treating the flaw as low risk, it will release a new version of its Messenger products early next week, a spokeswoman said. Users will be notified that a new version is available and will be prompted to download it.

In the meantime, Microsoft is advising concerned users to go to the MSN Messenger support Web site ( ) for information about the issue and steps they can take to protect themselves.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy