MSN Messenger vulnerable to 'highly critical' webcam flaw

Exploit code for a "highly critical" vulnerability in MSN Messenger has been posted to a Chinese-language forum, prompting Microsoft to urge all users to immediately migrate to Windows Live Messenger 8.1.

Written by Ryan Naraine, Contributor Aug. 28, 2007 at 6:52 a.m. PT

MSN Messenger vulnerable to Â‘highly criticalÂ’ webcam flaw

The exploit, available here, is caused by an error in the handling of video conversations and can be exploited to cause a heap-based buffer overflow via specially crafted data sent to a user.

Secunia warns that successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Webcam invitation.

"This is under investigation," a Microsoft spokesman said.

[ SEE: Beware of strange Yahoo Messenger webcam invites ]

"Our investigation so far shows that the latest version, Windows Live Messenger 8.1, is not vulnerable to this issue," he added, urging Windows Live Messenger 8.0 users to upgrade to Messenger 8.1.

"We have encouraged customers to upgrade to Windows Live Messenger 8.1 beginning February 2007," the spokesman said.

Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.

Windows Live Messenger is the successor to MSN Messenger, the popular text and video chatting tool offered by Redmond's MSN division.

Editorial standards

Show Comments

MSN Messenger vulnerable to 'highly critical' webcam flaw

Related

Logitech mouse and keyboard users are getting a free AI upgrade

Don't like your Linux desktop? Here's how to install an alternative

The most charming projector I've tested has now replaced my TV for movie nights