Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Potential MSN Messenger video conversation vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Potential MSN Messenger video conversation vulnerability

Secunia has reported an unfixed, unconfirmed remote code execution vulnerability in MSN Messenger’s Video Conversation functionality. An exploit appears to be available of which the description states it will cause a Denial-of-Service attack on MSN Messenger, and likely allows remote code execution on Win2k SP4 Chinese. If accurate, an offset change is likely all that is needed for this to work on other language releases.

According to the report, Windows Live Messenger 8.1 and higher are not affected. While Microsoft has not yet officially confirmed this vulnerability, we advise users not to accept untrusted video conversation sessions at this time. 

We'll keep you updated on this issue. Thanks to Juha-Matti for bringing it to our attention.


158 Posts
Aug 28th 2007

Sign Up for Free or Log In to start participating in the conversation!