[LINK] Messenger exploit
rchirgwin at ozemail.com.au
rchirgwin at ozemail.com.au
Sat Feb 12 10:02:45 EST 2005
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1053012,00.html
Yet another ... This time, you can remotely crash MS Messenger.
The process is (roughly and as I gather!) this; the image you use to
represent yourself in the remote chat session can be crafted so that
it's too large for the image memory space.
This causes a buffer overflow at the receiving chat machine, allowing
the execution of arbitrary code.
As the article mentions, the exploit is supposed to have been fixed in
last Tuesday's patches (which, by the way, have slowed my home box to a
stupidly slow crawl on just about any program launch).
The exploit would traverse firewalls, if the firewalls are configured to
pass MS Messenger traffic, because the image passes as ordinary traffic
(of course, if you block Messenger, you're instantly besieged by users
complaining that they have to replace gossip with productive work, but
that's another matter...).
RC
More information about the Link
mailing list