Core warns: new vulnerability found in MSN Messenger

Posted on Tuesday, February 08 2005 @ 21:37 CET by Thomas De Maesschalck
Core today reported about a vulnerability in Microsoft's MSN Messenger. The security firm says that by using a custom crafted graphic an attacker could trigger a buffer overflow on the chat partner's computer. This will allow the attacker remotely control the PC of its victim.
The attack would travel through the established chat session and would pass unnoticed by firewalls, network intrusion detection systems and even host-based personal firewalls and antivirus software. According to the vendor, Windows Messenger and Windows Media Player are also affected by this vulnerability.

“This is a critical security flaw since it directly affects more than 130 million users and because the attack is very likely to go unnoticed by the several layers of security countermeasures commonly used today,” said Ivan Arce, CTO at Core Security Technologies. “Since initially reporting the flaw, we have been working closely with the vendor and we are pleased to see that a fix is now available.”
More info at Net Security

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments