MSN Messenger video-based exploit revealed

Share this article:

Security experts are advising users of MSN Messenger to be wary of untrusted web cam conversations after exploit code was posted today for a zero-day vulnerability in the instant messaging (IM) application.

The bug, rated "highly critical" by tracking firm Secunia, can be exploited when a victim accepts a malicious video from an attacker, prompting a heap-based buffer overflow. Results may range from a system crash to arbitrary code execution.

The exploit, published on a Chinese hacker site, affects MSN Messenger versions 6 and 7. No fix is available, but Secunia's advisory recommends affected users upgrade to Version 8, which is not impacted by the vulnerability.

A Microsoft representative could not immediately be reached for comment today.

SANS Internet Storm Center handler Maarten Van Horenbeeck said today on the organization's blog that although Microsoft has not yet confirmed the vulnerability, users should not "accept untrusted video conversation sessions at this time."

The reported flaw comes on the same day that IM security provider Akonix released monthly stats showing IM threats nearly doubled from July to August.

"This is actually something new," Don Montgomery, vice president of marketing at San Diego-based Akonix, told SCMagzine.com today. "Most of the attacks use IM as a conduit for either a payload within a file attached to the message or the socially engineered text of a message contains a poison URL."

Montgomery said attackers are catching on to the increasing corporate use of IM.

"Our thought is that using IM as a target gets more attractive as more people use IM at work," he said. "If you can infect a corporate PC inside the firewall and then propagate inside that network unmolested, you can do a lot of things."

That includes installing keyloggers or spyware or spreading spam, he said. 

Click here to email reporter Dan Kaplan.

Click here for the latest SC Magazine Podcast – Aug. 27, 2007: A monster (.com) of a data theft

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.