Attackers could exploit a flaw in MSN Messenger to run malicious code on targeted machines, according to Danish...
vulnerability clearinghouse Secunia.
The problem, discovered by a researcher who goes by the name Wushi, is an error in how the application handles video conversations. Attackers could exploit it to cause a heap-based buffer overflow via specially crafted data sent to a user.
"Successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Web Cam invitation," Secunia said in its SA26570 advisory after independently confirming the flaw.
The vulnerability affects version 7.0, and no fixes are currently available. However, users could address the flaw by upgrading to Windows Live Messenger 8.1 or later, which is not affected by the vulnerability. Also, Secunia advised users not to accept untrusted Web Cam sessions.