RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit

["Thor Larholm" <thor () pivx com>]

> From: Andrew Hunter [mailto:andiroohunter () msn com] 
> Unfortunatly MSN would let me load the .png as my display picture? I
am using 
> MSN 7 so that is probbobly why, i will down grade to MSN 6 and try
again.

MSN 7 is not affected as the vulnerability was reported to Microsoft
before it's beta release, hence it was fixed in MSN 7 before MS05-009
was released. The beta of MSN Messenger 7 was released back in November
2004 so it's taken a few months to patch this for the remaining affected
products.

> From http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx,
Vulnerability Details, PNG Processing Vulnerability in MSN Messenger,
FAQ:

"Is the MSN Messenger 7.0 beta affected by this vulnerability?
No. This vulnerability was reported prior to the release of the MSN
Messenger 7.0 beta, and is therefore already incorporated into that
product version."


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
23 Corporate Plaza #280
Newport Beach, CA 92660
http://www.pivx.com
thor () pivx com
Stock symbol: (PIVX.OB)
Phone: +1 (949) 231-8496
PGP: 0x4207AEE9
B5AB D1A4 D4FD 5731 89D6  20CD 5BDB 3D99 4207 AEE9

PivX defines a new genre in Desktop Security: Proactive Threat
Mitigation. 
<http://www.pivx.com/qwikfix>