Source code to take advantage of a security hole in Microsoft's MSN Messenger has been published on the web. Security firms suspect that the publication of this code could lead to a MSN Messenger worm or virus.
The code attacks a hole in an MSN Messenger component called "libpng," which is used to display PNG (Portable Network Graphics) files that are used to show smiley faces, buddy icons and other graphics. More than one example of code to exploit the hole was available on the Internet Wednesday, along with directions on how to use it to attack vulnerable Messenger applications. The code can cause Messenger to crash, or allow a remote attacker to run code on vulnerable Windows machines, according to a Vulnerability Alert released by Symantec (Profile, Products, Articles) Corp.