lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <653D74053BA6F54A81ED83DCF969DF0801320FF1@pivxes1.pivx.com>
Date: Thu, 10 Feb 2005 10:45:47 -0800
From: "Thor Larholm" <thor@...x.com>
To: "Andrew Hunter" <andiroohunter@....com>,
	<bugtraq@...urityfocus.com>
Subject: RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit


> From: Andrew Hunter [mailto:andiroohunter@....com] 
> Unfortunatly MSN would let me load the .png as my display picture? I
am using 
> MSN 7 so that is probbobly why, i will down grade to MSN 6 and try
again.

MSN 7 is not affected as the vulnerability was reported to Microsoft
before it's beta release, hence it was fixed in MSN 7 before MS05-009
was released. The beta of MSN Messenger 7 was released back in November
2004 so it's taken a few months to patch this for the remaining affected
products.

>From http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx,
Vulnerability Details, PNG Processing Vulnerability in MSN Messenger,
FAQ:

"Is the MSN Messenger 7.0 beta affected by this vulnerability?
No. This vulnerability was reported prior to the release of the MSN
Messenger 7.0 beta, and is therefore already incorporated into that
product version."


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
23 Corporate Plaza #280
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
Stock symbol: (PIVX.OB)
Phone: +1 (949) 231-8496
PGP: 0x4207AEE9
B5AB D1A4 D4FD 5731 89D6  20CD 5BDB 3D99 4207 AEE9

PivX defines a new genre in Desktop Security: Proactive Threat
Mitigation. 
<http://www.pivx.com/qwikfix>  


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ