Tag - Buffer-Overflow



Another security flaw crops up in Messenger
Posted by absorbation on Wed 26 Sep 2007 (21:25 GMT)
Again a 'highly critical' security flaw has appeared, this time in Windows Live Messenger, specific to the sharing folders feature. Similar to the webcam flaw, the problem is caused by a 'buffer overflow'; however, this time the exploit only affects Windows Live Messenger users and won't spark as much criticism if a forced update were to be implemented.

Again, this is only a risk if you accept sharing folders with people you do not trust, and there is no known virus spreading:

The attacker can 'Create a sharing folder' for its victim and then put the malformed file into the physical location of that folder on his hard drive (My Computer > My Sharing Folders > victim@hotmail.com). Note that if the attacker would drag & drop the file directly into the Messenger window, his own client would crash. Considering that the victim has accepted the sharing folder, the attacker can simply click the sharing icon to crash Windows Live Messenger, or even Windows XP entirely when the process isn't terminated in time. The victim then needs to delete the sharing folder entirely to cease the exploitation.

The vulnerability was discovered on the 20th of August 2007 and reported to Microsoft on the 23rd. The company responded one day later that it will address the issue in 'the next service pack'. Although there have been no reports yet of actual exploitation via this method, you should note that in order to protect yourself you should avoid sharing folders with contacts you don't trust.


Nevertheless Microsoft are tough on security flaws, let's just hope there are no stupid decisions this time around.

>> Source: mess.be
'Highly critical' security vulnerability identified in MSN Messenger
Posted by absorbation on Thu 31 Aug 2007 (14:33 GMT)
Yahoo! Messenger may have had another recent security scare relating to vulnerabilities in its webcam system last week, but things were soon patched up and users were protected. Now it seems MSN Messenger and Windows Live Messenger 8.0 also have a similar problem.

The problem is caused by a 'buffer overflow' and to be honest it is nothing to worry about if you know the people whose webcam invitations you are accepting. The problem with this situation is that a fix is already present for Windows Live Messenger, but MSN Messenger is still open to the security flaw.

So what does this mean for MSN Messenger? Well, MSN Messenger is still a popular program, Microsoft still support it and you have to remember Windows Live Messenger is just an updated and re-branded MSN Messenger. Forcing users to update to Windows Live Messenger would not be a wise move.

ZDNet managed to get a quote from a Microsoft spokesperson on the issue:

Once we're done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.


This shows Microsoft are still keen on MSN Messenger users and will support critical updates for the program. I expect a new build for MSN Messenger will be available in the near future.