[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit

To: "Andrew Hunter" <andiroohunter@xxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
From: "Thor Larholm" <thor@xxxxxxxx>
Date: Thu, 10 Feb 2005 10:45:47 -0800

> From: Andrew Hunter [mailto:andiroohunter@xxxxxxx] 
> Unfortunatly MSN would let me load the .png as my display picture? I
am using 
> MSN 7 so that is probbobly why, i will down grade to MSN 6 and try
again.

MSN 7 is not affected as the vulnerability was reported to Microsoft
before it's beta release, hence it was fixed in MSN 7 before MS05-009
was released. The beta of MSN Messenger 7 was released back in November
2004 so it's taken a few months to patch this for the remaining affected
products.

From http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx,
Vulnerability Details, PNG Processing Vulnerability in MSN Messenger,
FAQ:

"Is the MSN Messenger 7.0 beta affected by this vulnerability?
No. This vulnerability was reported prior to the release of the MSN
Messenger 7.0 beta, and is therefore already incorporated into that
product version."


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
23 Corporate Plaza #280
Newport Beach, CA 92660
http://www.pivx.com
thor@xxxxxxxx
Stock symbol: (PIVX.OB)
Phone: +1 (949) 231-8496
PGP: 0x4207AEE9
B5AB D1A4 D4FD 5731 89D6  20CD 5BDB 3D99 4207 AEE9

PivX defines a new genre in Desktop Security: Proactive Threat
Mitigation. 
<http://www.pivx.com/qwikfix>

Prev by Date: Re: Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability
Next by Date: RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
Previous by thread: RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
Next by thread: Internet Explorer zone spoofing with encoded URLs
Index(es):
- Date
- Thread