Security flaw hits MSN Messenger

By
Follow google news

A newly reported vulnerability could put the security of MSN Messenger users at risk.

Security flaw hits MSN Messenger
The flaw lies in MSN Messenger's video chat component and could allow an attacker to remotely execute code on a user's system. The vulnerability does not affect the latest version of the application, now known as Windows Live Messenger 8.1.

An attacker could exploit the flaw by injecting specially-crafted code into a video chat invitation.

On accepting the invitation, the user would experience a buffer overflow, which could in turn cause an application crash and allow the attacker to execute malicious code.

Discovery of the vulnerability is credited to a researcher known as 'Wushi'.

Security firm Secunia rated the vulnerability as 'highly critical', the second highest of its five alert levels.

A Microsoft spokesperson said that the company is investigating the flaw. Microsoft and Secunia recommend that users upgrade to Windows Live Messenger 8.1.

Secunia also recommended that users who have not upgraded should avoid unsolicited video chat invites.

A similar flaw was reported two weeks ago in Yahoo Messenger which could allow an attacker to execute malicious code through a specially crafted chat invite.

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

JB Hi-Fi Group finds new cyber security leader

JB Hi-Fi Group finds new cyber security leader

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Toll Group puts third-party risk at centre of AI-era data security

Toll Group puts third-party risk at centre of AI-era data security

How Monash University is tackling the AI-driven app security gap

How Monash University is tackling the AI-driven app security gap

Log In

  |  Forgot your password?