Flaw found in MSN Messenger


Flaw found in MSN Messenger

SearchSecurity.com Staff

Attackers could exploit a flaw in MSN Messenger to run malicious code on targeted machines, according to Danish vulnerability clearinghouse Secunia.

The problem, discovered by a researcher who goes by the name Wushi, is an error in how the application handles video conversations. Attackers could exploit it to cause a heap-based buffer overflow via specially crafted data sent to a user.

"Successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Web Cam invitation," Secunia said in its SA26570 advisory after independently confirming the flaw.

The vulnerability affects version 7.0, and no fixes are currently available. However, users could address the flaw by upgrading to Windows Live Messenger 8.1 or later, which is not affected by the vulnerability. Also, Secunia advised users not to accept untrusted Web Cam sessions.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy