MSN Messenger fails to properly handle webcam streams, which may allow a remote attacker to execute arbitrary code.
MSN Messenger is an instant messaging application. Starting with version 8, MSN Messenger was renamed to Windows Live Messenger. Windows Live Messenger and some versions of MSN Messenger support the use of webcams. MSN Messenger and Windows Live Messenger appear to require user interaction to connect a webcam stream.
MSN Messenger and Windows Live Messenger contain a heap overflow in the handling of a malformed webcam streams. Exploit code for this vulnerability is publicly available.
By convincing a user to accept a webcam invitation, a remote attacker may be able to execute arbitrary code with the privileges of the user.
Apply an update
This vulnerability was publicly reported by team509.
This document was written by Will Dormann.
|Date First Published:||2007-08-28|
|Date Last Updated:||2007-09-13 14:20 UTC|