Security flaw hits MSN Messenger

By
Follow google news

A newly reported vulnerability could put the security of MSN Messenger users at risk.

Security flaw hits MSN Messenger
The flaw lies in MSN Messenger's video chat component and could allow an attacker to remotely execute code on a user's system. The vulnerability does not affect the latest version of the application, now known as Windows Live Messenger 8.1.

An attacker could exploit the flaw by injecting specially-crafted code into a video chat invitation.

On accepting the invitation, the user would experience a buffer overflow, which could in turn cause an application crash and allow the attacker to execute malicious code.

Discovery of the vulnerability is credited to a researcher known as 'Wushi'.

Security firm Secunia rated the vulnerability as 'highly critical', the second highest of its five alert levels.

A Microsoft spokesperson said that the company is investigating the flaw. Microsoft and Secunia recommend that users upgrade to Windows Live Messenger 8.1.

Secunia also recommended that users who have not upgraded should avoid unsolicited video chat invites.

A similar flaw was reported two weeks ago in Yahoo Messenger which could allow an attacker to execute malicious code through a specially crafted chat invite.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
flawhitsmessengermsnsecurity

Sponsored Whitepapers

2026 Engineering Reality Report
2026 Engineering Reality Report
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
Optus Enterprise Mobility
Optus Enterprise Mobility
Life After VMware: Scale Securely with mCloud by Micron21
Life After VMware: Scale Securely with mCloud by Micron21

Events

Most Read Articles

Tasmanian gov agencies impacted by cyber attack

Tasmanian gov agencies impacted by cyber attack
Australian chief at US defence contractor L3Harris sold exploits to Russia

Australian chief at US defence contractor L3Harris sold exploits to Russia
Vic gov agencies flying blind on server security, audit finds

Vic gov agencies flying blind on server security, audit finds
Home Affairs streamlines risk vetting for gov tech suppliers

Home Affairs streamlines risk vetting for gov tech suppliers
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?