computing.co.uk

incorporating IT Week

Search

Advertisements

advertisement

Microsoft

Security flaw hits MSN Messenger

Vulnerability puts users at risk of arbitrary code execution

Written by Shaun Nichols in California

vnunet.com, 29 Aug 2007

A newly reported vulnerability could put the security of MSN Messenger users at risk.

The flaw lies in MSN Messenger's video chat component and could allow an attacker to remotely execute code on a user's system. The vulnerability does not affect the latest version of the application, now known as Windows Live Messenger 8.1.

An attacker could exploit the flaw by injecting specially-crafted code into a video chat invitation.

On accepting the invitation, the user would experience a buffer overflow, which could in turn cause an application crash and allow the attacker to execute malicious code.

Discovery of the vulnerability is credited to a researcher known as 'Wushi'.

Security firm Secunia rated the vulnerability as 'highly critical', the second highest of its five alert levels.

A Microsoft spokesperson said that the company is investigating the flaw. Microsoft and Secunia recommend that users upgrade to Windows Live Messenger 8.1.

Secunia also recommended that users who have not upgraded should avoid unsolicited video chat invites.

A similar flaw was reported two weeks ago in Yahoo Messenger which could allow an attacker to execute malicious code through a specially crafted chat invite.

Tags:

reader comments

related articles

Windows 2000 flaw highlights slow Patch Tuesday

Vista and XP spared from most dangerous vulnerabilities 12 Sep 2007

Zero-day flaw hits Windows XP

Vulnerabilities in MFC42 and MFC71 could allow remote code execution 19 Sep 2007

Microsoft readies four patches

Only one 'critical' fix included in monthly update 11 Sep 2007

today's top stories

Analysis: The true cost of printing

Organisations need to get a better sense of how much they spend on printing before finding ways to reduce it 05 Sep 2008

Computing podcast 4 September 2008

Find out what Michael Dell told Computing, and listen to our take on the latest browser wars 04 Sep 2008

Looking to the future - exclusive Michael Dell interview

Dell's chief executive talks to Computing about the way the company continues to adapt to major changes in the industry 04 Sep 2008

Interview: Delivering power where it's needed at Betfair

The online gambling firm is putting its money on grid computing and virtualisation to underpin global expansion 04 Sep 2008

E-paper displays are an open book

A display revolution is on the way - but only once the user interface issues are solved 04 Sep 2008

most read
most commented
popular topics

Most read stories

Most commented stories

Advertisement

advertisement

newsletter signup
existing users

Existing User

Jobs

Jobs

Related jobs

Job of the week

advertisement

> More IT vacancies

Job alerts

Latest jobs to your inbox

Find your next job

Advertisement

advertisement

White papers

whitepapers

Top categories

VPN, Extranet and Intranet Solutions

WAN/ LAN Solutions

Network Security

Interoperability-Connectivity

Grid/ Utility Computing

IT white papers

poll
audio / video
in-depth

Latest poll

Would you use a mobile phone as an alternative to cash?

Latest audio and video articles

BlackBerry Bold

Video Review: BlackBerry Bold

Technology editor Daniel Robinson takes a hands-on look at the latest device from Research in Motion 01 Sep 2008

Podcast image

Computing podcast 4 September 2008

Find out what Michael Dell told Computing, and listen to our take on the latest browser wars 04 Sep 2008

> More audio and video

Latest in-depth articles

A meeting

Turning adversity into an advantage

IT chiefs under pressure to make cost cuts can turn the situation to their benefit 04 Sep 2008

Cloud

How to introduce cloud computing into your organisation

Best practice advice from Forrester Research 04 Sep 2008

> More in depth articles

Primary Navigation

Mobile
RSS