Microsoft MSN Messenger GIF Image Processing Remote Buffer Overflow Vulnerability
BID:13114
Info
Microsoft MSN Messenger GIF Image Processing Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 13114 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-0562 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 12 2005 12:00AM |
| Updated: | Jan 23 2009 02:32PM |
| Credit: | Discovery is credited to Hongzhen Zhou. |
| Vulnerable: |
Microsoft MSN Messenger Service 7.0 beta Microsoft MSN Messenger Service 6.2 |
| Not Vulnerable: |
Microsoft MSN Messenger Service 7.0 |
Discussion
Microsoft MSN Messenger GIF Image Processing Remote Buffer Overflow Vulnerability
Microsoft MSN Messenger is prone to a remote buffer-overflow vulnerability when handling malformed Graphic Interchange Format (GIF) images. This may allow an attacker to gain unauthorized access to an affected computer by executing arbitrary code, reportedly resulting in system-level compromise. Specially crafted emoticons or display pictures are likely to be used in a client-to-client attack.
Other attack vectors may exist as well.
MSN Messenger 6.2 and MSN Messenger 7.0 beta are vulnerable.
Microsoft MSN Messenger is prone to a remote buffer-overflow vulnerability when handling malformed Graphic Interchange Format (GIF) images. This may allow an attacker to gain unauthorized access to an affected computer by executing arbitrary code, reportedly resulting in system-level compromise. Specially crafted emoticons or display pictures are likely to be used in a client-to-client attack.
Other attack vectors may exist as well.
MSN Messenger 6.2 and MSN Messenger 7.0 beta are vulnerable.
Exploit / POC
Microsoft MSN Messenger GIF Image Processing Remote Buffer Overflow Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft MSN Messenger GIF Image Processing Remote Buffer Overflow Vulnerability
Solution:
Microsoft has released updates to address this vulnerability on supported platforms.
UPDATE (January 22, 2009): Microsoft has updated its security bulletin to advise users that an update for MSN Messenger 6.2 is available via the download links in MS07-054 or by logging into the MSN Messenger service to accept the update.
Solution:
Microsoft has released updates to address this vulnerability on supported platforms.
UPDATE (January 22, 2009): Microsoft has updated its security bulletin to advise users that an update for MSN Messenger 6.2 is available via the download links in MS07-054 or by logging into the MSN Messenger service to accept the update.
References
Microsoft MSN Messenger GIF Image Processing Remote Buffer Overflow Vulnerability
References:
References:
- Microsoft Security Bulletin MS05-022 (Microsoft)
- Microsoft Security Bulletin MS07-054 - Important (Microsoft)