[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <BAY5-F2638D22C5390E5D41CECAA5760@phx.gbl>
Date: Thu, 10 Feb 2005 09:48:37 +0000
From: "Andrew Hunter" <andiroohunter@....com>
To: bugtraq@...urityfocus.com
Subject: RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
Ok after switching to MSN 6 still couldn't load the image as my display
picture. It turns out that the instructions provided with this file are
wrong! You have to send the victim the image via the file transfer mode on
MSN.
I have tested this and can varify that it works. It isn't an auto
exploitation, the user has to click the link to view the file, at which
point there msn will freeze and a .exe will be dropped onto the
system(assuming HTTP isn't blocked by the firewall). The victim will know
that something dodgy has happened since in each case their MSN
closes/freezes.
Powered by blists - more mailing lists