Another security flaw crops up in Messenger


Posted by absorbation on Wed 26 Sep 2007 (21:25 GMT) (1831 views)
Again a 'highly critical' security flaw has appeared, this time in Windows Live Messenger specific to the sharing folders feature. Similar to the webcam flaw, the problem is caused by a 'buffer overflow' however, this time the exploit only effects Windows Live Messenger users and won't spark as much criticism if a forced update was to be in implemented.

Again this is only a risk if you accept sharing folders with people you do not trust and there is no known virus spreading:

The attacker can 'Create a sharing folder' for its victim and then put the malformed file into the physical location of that folder on his hard drive (My Computer > My Sharing Folders > victim@hotmail.com). Note that if the attacker would drag & drop the file directly into the Messenger window, his own client would crash. Considering that the victim has accepted the sharing folder, the attacker can simply click the sharing icon to crash Windows Live Messenger, or even Windows XP entirely when the process isn't terminated in time. The victim then needs to delete the sharing folder entirely to cease the exploitation.

The vulnerability was discovered on the 20th of August 2007 and reported to Microsoft on the 23rd. The company responded one day later that it will address the issue in 'the next service pack'. Although there have been no reports yet of actual exploitation via this method, you should note that in order to protect yourself you should avoid sharing folders with contacts you don't trust.



Nevertheless Microsoft are tough on security flaws, let's just hope there are no stupid decisions this time around.

Source: mess.be
0 comments

Tags:   Security  Webcam    

Did you like this news post? You can get all the latest articles at msgstuff.com in your email inbox each morning by entering your email address below. Your address will only be used for mailing you the articles, and each one will include a link so you can unsubscribe at any time. If you have an RSS reader, I recommend you subscribe to the Full RSS Feed

Comments:

Similar Posts


Add Comment:

When you post a successful comment please check your inbox where there will be an email containing a link to activate your comment. There are some issues with the comments system at the moment. If you entered any invalid information you won't receive an email.


Your Name
Your Email Address
(Never Displayed)
Your Website
(Not Required)
Message



Type the value in the image above
Notify me of further comments Yes