[<prev] [next>] [day] [month] [year] [list]
Message-ID: <653D74053BA6F54A81ED83DCF969DF0801320FF1@pivxes1.pivx.com>
Date: Thu, 10 Feb 2005 10:45:47 -0800
From: "Thor Larholm" <thor@...x.com>
To: "Andrew Hunter" <andiroohunter@....com>,
<bugtraq@...urityfocus.com>
Subject: RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
> From: Andrew Hunter [mailto:andiroohunter@....com]
> Unfortunatly MSN would let me load the .png as my display picture? I
am using
> MSN 7 so that is probbobly why, i will down grade to MSN 6 and try
again.
MSN 7 is not affected as the vulnerability was reported to Microsoft
before it's beta release, hence it was fixed in MSN 7 before MS05-009
was released. The beta of MSN Messenger 7 was released back in November
2004 so it's taken a few months to patch this for the remaining affected
products.
>From http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx,
Vulnerability Details, PNG Processing Vulnerability in MSN Messenger,
FAQ:
"Is the MSN Messenger 7.0 beta affected by this vulnerability?
No. This vulnerability was reported prior to the release of the MSN
Messenger 7.0 beta, and is therefore already incorporated into that
product version."
Regards
Thor Larholm
Senior Security Researcher
PivX Solutions
23 Corporate Plaza #280
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
Stock symbol: (PIVX.OB)
Phone: +1 (949) 231-8496
PGP: 0x4207AEE9
B5AB D1A4 D4FD 5731 89D6 20CD 5BDB 3D99 4207 AEE9
PivX defines a new genre in Desktop Security: Proactive Threat
Mitigation.
<http://www.pivx.com/qwikfix>
Powered by blists - more mailing lists