The code attacks a hole in an MSN Messenger component called "libpng," which is used to display PNG (Portable Network Graphics) files that are used to show smiley faces, buddy icons and other graphics. More than one example of code to exploit the hole was available on the Internet Wednesday, along with directions on how to use it to attack vulnerable Messenger applications. The code can cause Messenger to crash, or allow a remote attacker to run code on vulnerable Windows machines, according to a Vulnerability Alert released by Symantec (Profile, Products, Articles) Corp.More info at InfoWorld
Exploit for MSN Messenger flaw released on the web
Posted on Thursday, Feb 10 2005 @ 14:39 CET by Thomas De Maesschalck
Source code to take advantage of a security hole in Microsoft's MSN Messenger has been published on the web. Security firms suspect that the publication of this code could lead to a MSN Messenger worm or virus.