Microsoft MSN Messenger Video Conversation Buffer Overflow Vulnerability
BID:25461
Info
Microsoft MSN Messenger Video Conversation Buffer Overflow Vulnerability
| Bugtraq ID: | 25461 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-2931 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 28 2007 12:00AM |
| Updated: | Sep 13 2007 03:51PM |
| Credit: | wushi of Team509 is credited with the discovery of this vulnerability. |
| Vulnerable: |
Microsoft Windows Live Messenger 8.0 Microsoft MSN Messenger Service 7.5 Microsoft MSN Messenger Service 7.0 beta Microsoft MSN Messenger Service 7.0 Microsoft MSN Messenger Service 6.2 |
| Not Vulnerable: |
Microsoft Windows Live Messenger 8.1 Microsoft MSN Messenger Service 7.0.820 |
Discussion
Microsoft MSN Messenger Video Conversation Buffer Overflow Vulnerability
Microsoft MSN Messenger is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in denial-of-service conditions.
Microsoft MSN Messenger is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in denial-of-service conditions.
Exploit / POC
Microsoft MSN Messenger Video Conversation Buffer Overflow Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to accept a malicious video conversation invitation.
The following proof-of-concept exploit pack is available; this exploit is reported to work on the Chinese version of Windows 2000 SP4.
To exploit this issue, an attacker must entice an unsuspecting user to accept a malicious video conversation invitation.
The following proof-of-concept exploit pack is available; this exploit is reported to work on the Chinese version of Windows 2000 SP4.
Solution / Fix
Microsoft MSN Messenger Video Conversation Buffer Overflow Vulnerability
Solution:
The vendor has released advisory MS07-054 to address this issue. Users are advised to use the upgrade feature of the affected software to upgrade to the latest release. Please see the vendor advisory for more information.
Microsoft MSN Messenger Service 7.0
Microsoft MSN Messenger Service 7.0 beta
Microsoft MSN Messenger Service 6.2
Microsoft Windows Live Messenger 8.0
Solution:
The vendor has released advisory MS07-054 to address this issue. Users are advised to use the upgrade feature of the affected software to upgrade to the latest release. Please see the vendor advisory for more information.
Microsoft MSN Messenger Service 7.0
-
Microsoft MSN Messenger 7.0 for Windows
http://www.microsoft.com/downloads/details.aspx?FamilyID=cf49c56c-8b3e -4eae-9904-9505f47bed45&displaylang=en -
Microsoft Windows Live Messenger 8.1
http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea -4066-8ba0-ddbed94864fc&DisplayLang=en
Microsoft MSN Messenger Service 7.0 beta
-
Microsoft MSN Messenger 7.0 for Windows
http://www.microsoft.com/downloads/details.aspx?FamilyID=cf49c56c-8b3e -4eae-9904-9505f47bed45&displaylang=en -
Microsoft Windows Live Messenger 8.1
http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea -4066-8ba0-ddbed94864fc&DisplayLang=en
Microsoft MSN Messenger Service 6.2
-
Microsoft MSN Messenger 7.0 for Windows
http://www.microsoft.com/downloads/details.aspx?FamilyID=cf49c56c-8b3e -4eae-9904-9505f47bed45&displaylang=en -
Microsoft Windows Live Messenger 8.1
http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea -4066-8ba0-ddbed94864fc&DisplayLang=en
Microsoft Windows Live Messenger 8.0
-
Microsoft Windows Live Messenger 8.1
http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea -4066-8ba0-ddbed94864fc&DisplayLang=en
References
Microsoft MSN Messenger Video Conversation Buffer Overflow Vulnerability
References:
References: