| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Feb 2005 10:45:47 -0800 From: "Thor Larholm" <thor@...x.com> To: "Andrew Hunter" <andiroohunter@....com>, <bugtraq@...urityfocus.com> Subject: RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit > From: Andrew Hunter [mailto:andiroohunter@....com] > Unfortunatly MSN would let me load the .png as my display picture? I am using > MSN 7 so that is probbobly why, i will down grade to MSN 6 and try again. MSN 7 is not affected as the vulnerability was reported to Microsoft before it's beta release, hence it was fixed in MSN 7 before MS05-009 was released. The beta of MSN Messenger 7 was released back in November 2004 so it's taken a few months to patch this for the remaining affected products. >From http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx, Vulnerability Details, PNG Processing Vulnerability in MSN Messenger, FAQ: "Is the MSN Messenger 7.0 beta affected by this vulnerability? No. This vulnerability was reported prior to the release of the MSN Messenger 7.0 beta, and is therefore already incorporated into that product version." Regards Thor Larholm Senior Security Researcher PivX Solutions 23 Corporate Plaza #280 Newport Beach, CA 92660 http://www.pivx.com thor@...x.com Stock symbol: (PIVX.OB) Phone: +1 (949) 231-8496 PGP: 0x4207AEE9 B5AB D1A4 D4FD 5731 89D6 20CD 5BDB 3D99 4207 AEE9 PivX defines a new genre in Desktop Security: Proactive Threat Mitigation. <http://www.pivx.com/qwikfix>
Powered by blists - more mailing lists