Vulnerability Note VU#633446

Microsoft MSN Messenger GIF processing buffer overflow

Original Release date: 12 Apr 2005 | Last revised: 12 Apr 2005


MSN Messenger clients before version 7.0 will allow remote attackers to take control of a computer if malicious GIF files are processed.


Microsoft MSN Messenger is an instant messaging application that allows users to collaborate with people using text messages, voice and video communication, or by sending files. There is a buffer overflow vulnerability in a function MSN Messenger uses to process Graphic Interchange Format (GIF) image files. By sending a specially crafted GIF image file with unexpected height and width parameters, a remote attacker in a victim's contacts list could take control of a computer with the privileges of the affected user. Examples of GIF image files MSN Messenger typically processes include emoticons and display pictures.

Please note the updates from Microsoft in MS05-022 addressing this issue supercede those in MS05-009. MSN Messenger 7.0 BETA is affected by this issue.


Remote attackers may execute arbitrary code with the privileges of affected users. Microsoft notes MSN Messenger does not by default anonymous user messages. An attecker must be in a victim's contacts list.


Upgrade to either MSN Messenger 6.2.208 or MSN Messenger 7.0. Note MSN Messenger 7.0 BETA is affected by this issue.

Non-technical users should read the following document:

MSN Messenger Update Summary for April 2005

More technical details can be found in the following security bulletin from Microsoft:

Microsoft Security Bulletin MS05-022
Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597)


Microsoft has included the following potential workarounds in their technical security bulletin, MS05-022, about this issue:

Workarounds for MSN Messenger Vulnerability - CAN-2005-0562:
Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Review all of the contacts currently in your contact list and remove or block any that you do not know, do not trust or no longer need.
Do not agree to accept file transfers from contacts you do not know or trust.
Block access to MSN Messenger and Web Messenger in a corporate environment.
Block access to outgoing port 1863 in your corporate environment. Note MSN Messenger Service is connected through port 1863 when a direct connection is established. When a direct connection cannot be established, the MSN Messenger Service is connected through port 80.
Block HTTP access to If you would like to block access to MSN Web Messenger you will also need to block HTTP access to

Impact of Workaround: MSN Messenger clients will not be able to connect to the MSN Messenger network

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-12 Apr 2005
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Microsoft has thanked Hongzhen Zhou in technical security bulletin MS05-022.

This document was written by Jeffrey S. Havrilla.

Other Information

  • CVE IDs: CAN-2005-0562
  • Date Public: 12 Apr 2005
  • Date First Published: 12 Apr 2005
  • Date Last Updated: 12 Apr 2005
  • Severity Metric: 23.62
  • Document Revision: 11


If you have feedback, comments, or additional information about this vulnerability, please send us email.