New exploit hits MSN Messenger
New flaw could allow hackers to run remote code on victim's computer.
A new vulnerability has hit the MSN Messenger service, which could allow hackers to compromise the computers of people using the service.
A bug in the application's video chat component could allow an attacker to remotely execute code on a victim's system. The flaw affects versions 6.x and 7.x of the popular instant messaging application, while the new version, called Windows Live Messenger 8.1 is unaffected.
According to an advisory put out by IT security firm Secunia, users of the previous versions of MSN Messenger should upgrade to the latest version. Micorosft also recommended the same course of action to affected users.
The flaw was discovered by a security researcher, known only as "Wushi". The vulnerability is caused due to an error in the handling of video conversations and can be exploited to cause a heap-based buffer overflow via specially crafted data sent to a user. According to the advisory, successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming web cam invitation.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
ITPro is 20!We take a look back on the past two decades since ITPro launched...
-
Cyber experts issue alert after two ransomware groups team up on ‘unprecedented’ threat campaignNews The tie-up includes a new model of industrialized ransomware deployment that significantly lowers the barrier to entry for cyber crime