Vulnerability Note VU#633446

Microsoft MSN Messenger GIF processing buffer overflow

Overview

MSN Messenger clients before version 7.0 will allow remote attackers to take control of a computer if malicious GIF files are processed.

I. Description

Microsoft MSN Messenger is an instant messaging application that allows users to collaborate with people using text messages, voice and video communication, or by sending files. There is a buffer overflow vulnerability in a function MSN Messenger uses to process Graphics Interchange Format (GIF) image files. By sending a specially crafted GIF image file with unexpected height and width parameters, a remote attacker in a victim's contacts list could take control of a computer with the privileges of the affected user. Examples of GIF image files MSN Messenger typically processes include emoticons and display pictures.

Please note that the updates from Microsoft in MS05-022 addressing this issue supersede those in MS05-009. MSN Messenger 7.0 BETA is affected by this issue.
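The advisory does not publish the flawed function, so the following is an added example, not code from Microsoft or US-CERT: a strict check, following the GIF89a layout cited in the references, that every frame's width and height are non-zero and fit inside the logical screen before a decoder sizes any buffer from them. The names gif_dims_ok, skip_subblocks and rd16 and the SAMPLE_GIF bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: 2x2 logical screen, one 2x2 frame, no color tables. */
static const uint8_t SAMPLE_GIF[] = {'G','I','F','8','9','a', 2,0, 2,0, 0,0,0,
    0x2C, 0,0, 0,0, 2,0, 2,0, 0,  2, 2,0x4C,0x01, 0,  0x3B};

/* GIF stores every dimension as a little-endian 16-bit field. */
static unsigned rd16(const uint8_t *p) { return p[0] | (p[1] << 8); }

/* Skip a chain of data sub-blocks; returns the new offset, or 0 if truncated. */
static size_t skip_subblocks(const uint8_t *b, size_t n, size_t i) {
    while (i < n) {
        size_t len = b[i++];
        if (len == 0) return i;        /* block terminator */
        if (len > n - i) return 0;     /* sub-block runs past end of input */
        i += len;
    }
    return 0;
}

/* Assumed strict policy: 0 if all frames fit the logical screen, else -1. */
int gif_dims_ok(const uint8_t *b, size_t n) {
    if (n < 13 || (memcmp(b, "GIF87a", 6) && memcmp(b, "GIF89a", 6))) return -1;
    unsigned sw = rd16(b + 6), sh = rd16(b + 8);
    if (sw == 0 || sh == 0) return -1;
    size_t i = 13;
    if (b[10] & 0x80) i += (size_t)3 << ((b[10] & 7) + 1); /* global color table */
    while (i < n) {
        uint8_t tag = b[i++];
        if (tag == 0x3B) return 0;     /* trailer: clean end of stream */
        if (tag == 0x21) {             /* extension: label byte, then sub-blocks */
            if (i >= n || !(i = skip_subblocks(b, n, i + 1))) return -1;
        } else if (tag == 0x2C) {      /* image descriptor: x, y, w, h, flags */
            if (n - i < 9) return -1;
            unsigned x = rd16(b + i), y = rd16(b + i + 2);
            unsigned w = rd16(b + i + 4), h = rd16(b + i + 6);
            if (w == 0 || h == 0 || x + w > sw || y + h > sh) return -1;
            uint8_t f = b[i + 8];
            i += 9;
            if (f & 0x80) i += (size_t)3 << ((f & 7) + 1); /* local color table */
            if (i >= n || !(i = skip_subblocks(b, n, i + 1))) return -1; /* LZW data */
        } else return -1;              /* unknown block type */
    }
    return -1;                         /* ran out of input before the trailer */
}

int main(void) { return gif_dims_ok(SAMPLE_GIF, sizeof SAMPLE_GIF); }
```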

II. Impact

Remote attackers may execute arbitrary code with the privileges of affected users. Microsoft notes MSN Messenger does not by default allow anonymous user messages. An attacker must be in a victim's contacts list.

III. Solution

Upgrade to either MSN Messenger 6.2.208 or MSN Messenger 7.0. Note MSN Messenger 7.0 BETA is affected by this issue.


Non-technical users should read the following document:

MSN Messenger Update Summary for April 2005
http://www.microsoft.com/security/bulletins/200504_msnmessenger.mspx

More technical details can be found in the following security bulletin from Microsoft:

Microsoft Security Bulletin MS05-022
Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597)
http://www.microsoft.com/technet/security/Bulletin/MS05-022.mspx

Workarounds

Microsoft has included the following potential workarounds in their technical security bulletin, MS05-022, about this issue:

Workarounds for MSN Messenger Vulnerability - CAN-2005-0562:
Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Review all of the contacts currently in your contact list and remove or block any that you do not know, do not trust or no longer need.
Do not agree to accept file transfers from contacts you do not know or trust.
Block access to MSN Messenger and Web Messenger in a corporate environment.
Block access to outgoing port 1863 in your corporate environment. Note MSN Messenger Service is connected through port 1863 when a direct connection is established. When a direct connection cannot be established, the MSN Messenger Service is connected through port 80.
Block HTTP access to gateway.messenger.hotmail.com. If you would like to block access to MSN Web Messenger you will also need to block HTTP access to webmessenger.msn.com.

Impact of Workaround: MSN Messenger clients will not be able to connect to the MSN Messenger network

Systems Affected

Vendor | Status | Date Updated
Microsoft Corporation | Vulnerable | 12-Apr-2005

References

http://www.kb.cert.org/vuls/id/557948
http://www.microsoft.com/security/bulletins/200504_msnmessenger.mspx
http://www.microsoft.com/technet/security/bulletin/MS05-022.mspx
http://support.microsoft.com/kb/889829
http://support.microsoft.com/kb/896597
http://messenger.msn.com
http://www.w3.org/Graphics/GIF/spec-gif89a.txt

Credit

Microsoft has thanked Hongzhen Zhou in technical security bulletin MS05-022.

This document was written by Jeffrey S. Havrilla.

Other Information

Date Public: 04/12/2005
Date First Published: 04/12/2005 06:16:53 PM
Date Last Updated: 04/12/2005
CERT Advisory:
CVE Name: CAN-2005-0562
US-CERT Technical Alerts:
Metric: 23.62
Document Revision: 11

If you have feedback, comments, or additional information about this vulnerability, please send us email.
Copyright 2005 Carnegie Mellon University