Bugtraq mailing list archives
RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
From: "Thor Larholm" <thor () pivx com>
Date: Thu, 10 Feb 2005 10:45:47 -0800
From: Andrew Hunter [mailto:andiroohunter () msn com] Unfortunatly MSN would let me load the .png as my display picture? I
am using
MSN 7 so that is probbobly why, i will down grade to MSN 6 and try
again. MSN 7 is not affected as the vulnerability was reported to Microsoft before it's beta release, hence it was fixed in MSN 7 before MS05-009 was released. The beta of MSN Messenger 7 was released back in November 2004 so it's taken a few months to patch this for the remaining affected products.
From http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx,
Vulnerability Details, PNG Processing Vulnerability in MSN Messenger, FAQ: "Is the MSN Messenger 7.0 beta affected by this vulnerability? No. This vulnerability was reported prior to the release of the MSN Messenger 7.0 beta, and is therefore already incorporated into that product version." Regards Thor Larholm Senior Security Researcher PivX Solutions 23 Corporate Plaza #280 Newport Beach, CA 92660 http://www.pivx.com thor () pivx com Stock symbol: (PIVX.OB) Phone: +1 (949) 231-8496 PGP: 0x4207AEE9 B5AB D1A4 D4FD 5731 89D6 20CD 5BDB 3D99 4207 AEE9 PivX defines a new genre in Desktop Security: Proactive Threat Mitigation. <http://www.pivx.com/qwikfix>
Current thread:
- MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit ATmaCA ATmaCA (Feb 09)
- RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Andrew Hunter (Feb 09)
- RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Color Inc. (Feb 10)
- RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Andrew Hunter (Feb 10)
- <Possible follow-ups>
- RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Thor Larholm (Feb 10)
- RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Andrew Hunter (Feb 09)