MSN Messenger vulnerable to 'highly critical' webcam flaw

Exploit code for a "highly critical" vulnerability in MSN Messenger has been posted to a Chinese-language forum, prompting Microsoft to urge all users to immediately migrate to Windows Live Messenger 8.1.

MSN Messenger vulnerable to ‘highly critical’ webcam flaw
Exploit code for a "highly critical" vulnerability in MSN Messenger has been posted to a Chinese-language forum, prompting Microsoft to urge all users to immediately migrate to Windows Live Messenger 8.1.

The exploit, available here, is caused by an error in the handling of video conversations and can be exploited to cause a heap-based buffer overflow via specially crafted data sent to a user.

Secunia warns that successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Webcam invitation.

"This is under investigation," a Microsoft spokesman said.

[ SEE: Beware of strange Yahoo Messenger webcam invites

"Our investigation so far shows that the latest version, Windows Live Messenger 8.1, is not vulnerable to this issue," he added, urging Windows Live Messenger 8.0 users to upgrade to Messenger 8.1.

"We have encouraged customers to upgrade to Windows Live Messenger 8.1 beginning February 2007," the spokesman said.

Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.

Windows Live Messenger is the successor to MSN Messenger, the popular text and video chatting tool offered by Redmond's MSN division.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All