Another security flaw crops up in Messenger
Posted by absorbation on Wed 26 Sep 2007 (21:25 GMT)

Again a 'highly critical' security flaw has appeared, this time in Windows Live Messenger and specific to the sharing folders feature. Similar to the webcam flaw, the problem is caused by a 'buffer overflow'; however, this time the exploit only affects Windows Live Messenger users and won't spark as much criticism if a forced update were to be implemented.

Again, this is only a risk if you accept sharing folders with people you do not trust, and there is no known virus spreading:

The attacker can 'Create a sharing folder' for its victim and then put the malformed file into the physical location of that folder on his hard drive (My Computer > My Sharing Folders > victim@hotmail.com). Note that if the attacker would drag & drop the file directly into the Messenger window, his own client would crash. Considering that the victim has accepted the sharing folder, the attacker can simply click the sharing icon to crash Windows Live Messenger, or even Windows XP entirely when the process isn't terminated in time. The victim then needs to delete the sharing folder entirely to cease the exploitation.

The vulnerability was discovered on the 20th of August 2007 and reported to Microsoft on the 23rd. The company responded one day later that it will address the issue in 'the next service pack'. Although there have been no reports yet of actual exploitation via this method, you should note that in order to protect yourself you should avoid sharing folders with contacts you don't trust.


Nevertheless, Microsoft are tough on security flaws; let's just hope there are no stupid decisions this time around.

>> Source: mess.be