Slashdot Mirror


Image Causes Exploitable Overflow in Microsoft Products

Em Adespoton writes "Core Security researchers discovered that by electing a specially-crafted graphic as the user's display picture in MSN Messenger, an attacker could trigger a buffer overflow vulnerability on the chat partner's computer. Through this, it is possible to covertly take over machines running instant messaging software. Windows Messenger and Windows Media Player are also affected by this vulnerability. The story is also available at Newsfactor.com and SearchSecurity.com."

30 of 291 comments

  1. MS loss... by LazyPhoenix · · Score: 5, Funny

    Microsoft's loss is my GAIM.

    ha.

    1. Re:MS loss... by DrEldarion · · Score: 1, Funny

      Out with the old, Trillian with the new.

  2. Article left out significant information... by bigtallmofo · · Score: 4, Funny

    Animated pictures of shiny pocketwatches moving back and forth were found to be the most effective at taking control of other people's computers.

    --
    I'm a big tall mofo.
  3. MS Security Chief Says Windows is Safer Than Linux by hoggoth · · Score: 4, Funny

    Hello? Didn't you get the memo?

    MS Security Chief Says Windows is Safer Than Linux

    Now stop trying to spread FUD.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  4. What??? by Jeffery · · Score: 2, Funny

    I can't believe that.. but I love all my Microsoft products.. they must be wrong, Microsoft doesn't have security flaws!! and my MSN Messenger is totally safe, and all my WMA and WMV files are so totally secure! /sarcasm

    --
    President Bush Supporter
    1. Re:What??? by hoggoth · · Score: 4, Funny

      Phwew. I was about to go BALLISTIC on your post... but then thank goodness I saw the '/sarcasm' at the end. I mean, I was stoked up to spew some hellfire on you for your outrageous statements. They seemed... almost... too extreme to believe. Now that I see you clearly labelled it as 'sarcasm' I took a step back, and I'm cooling off. Shaking my arms, letting the anger go.

      Good thing you clearly labelled it as sarcasm.

      'cause otherwise I wouldn't have known.

      Really good sarcasm, too.

      Got me, there.

      Phwew.

      --
      - For the complete works of Shakespeare: cat /dev/random (may take some time)
  5. Bill Gates by kai.chan · · Score: 3, Funny

    If only I had Bill Gates's MSN . . .

  6. Re:Worst internet worm ever? by PapaBoojum · · Score: 5, Funny

    By spreading to everyone in your buddy list, a worm based on this exploit could infect 90% of the world in a couple hours.

    I'm doing my part. I don't have any friends.

  7. In other news... by Dutchmaan · · Score: 2, Funny

    IT: MS Security Chief Says Windows is Safer Than Linux....

  8. In other news . . by Anonymous Coward · · Score: 0, Funny

    Mike Nash, Microsoft's Chief of Security was found dead in his Redmond, WA office. The cause of death is currently under investigation, but sources close to the investigation have suggested that both his feet were jammed firmly down his throat and he may have choked to death as a result.

  9. Am I the only one by mr.newt · · Score: 2, Funny

    who finds it funny that the Google ads for the article show an advert for MSN Messenger?

  10. He said safer* not safer. by Anonymous Coward · · Score: 1, Funny

    There is a huge difference.

  11. This is the picture... by Anonymous Coward · · Score: 3, Funny

    http://blog.monkeymethods.org/images/billgates01.jpg Enough to make any buffer quit really...

    1. Re:This is the picture... by quanticle · · Score: 2, Funny

      This pic caused a buffer overflow in my mind...

      --
      We all know what to do, but we don't know how to get re-elected once we have done it
  12. Re:That's genius... by dsginter · · Score: 4, Funny

    A friend of mine used the goatse image for his MSN person icon and I had a buffer overflow of my own.

    When did I ever eat corn?

    --
    More
  13. Ah HA! by MrFreshly · · Score: 5, Funny

    The image that triggers it is an inverted picture of Bill Gates playing cards with Saddam, Satan, and Celine Dion.

  14. Defeating the Borg? by bokmann · · Score: 4, Funny

    Isn't this the same technique Geordi La Forge came up with for introducing a virus into the Borg collective? Remember Hugh?

    Maybe the image of Bill Gates-as-Borg was a little more prophetic than we all realized.

    1. Re:Defeating the Borg? by Swamii · · Score: 4, Funny

      Yawn. I don't know about a virus, but you've just put me to sleep like Data did to the Borg in episode 128 where he issues a low-priority regeneration command to the Borg collective and then they revive Captain Picard who was actually named Locutus of Borg when he was merged into the Borg identity as he was captured on the Borg Cube after a mission of reconnaissance in the ... zzzzzzzz

      --
      Tech, life, family, faith: Give me a visit
  15. When will this stop being "news?" by gearmonger · · Score: 1, Funny

    Wow....another exploit found in Microsoft software? That's Page 1 news, right along with:

    News Update: Woman Gives Birth

    Breaking Story: Actor Turns Politician

    Headline: Sun Rises in East...AGAIN!

    *sigh*

  16. *Proprietary* Network Graphic? by TomorrowPlusX · · Score: 4, Funny

    What? I thought all this time they were *Portable* Network Graphics. Well, the article says "Proprietary" so they must be right.

    --

    lorem ipsum, dolor sit amet
  17. I think I understand Windows users now... by crazyphilman · · Score: 4, Funny

    I used to struggle with the "why do they keep using it, when there are so many (much better) alternatives" question. I see now how silly my confusion was. It's all so clear...

    Windows... Is a video game!

    Sure, think about it. Can you hack your friend Billy's computer before he hacks yours while you chat online? The suspense must be very exciting. Who has the better Script? Who has the better collection of vulnerabilities?

    It must be almost like playing Magic: The Gathering, or one of the other card games kids are into now. "My hack trumps yours! I get all your pr0n!"

    Suddenly I feel very boring. Sigh... It's okay, Slackware, I love you even IF you're secure. I'll just have to settle for being Rudolph, and not play in any Reindeer Games.

    Oh! Look! My Microwave just beeped! Pea Soup!

    Mmmm!

    --
    Farewell! It's been a fine buncha years!
  18. Re:From TFA: Proprietary Network Graphics (PNG)!?! by iggymanz · · Score: 4, Funny

    no, it's Pornographic Network Graphics, your definition is just a smoke screen so the religious right doesn't get all fired up

  19. Re:MS Security Chief Says Windows is Safer Than Li by BrynM · · Score: 4, Funny

    Anyone ever done a study to determine the mean time between when MS claims their products are secure and when the next exploit is announced?

    Measuring negative time is moot.

    --
    US Democracy: The best person for the job (among These pre-selected choices...)
  20. Bad Image Causes Exploitable Overflow by Anonymous Coward · · Score: 2, Funny

    Exploitable Overflows Cause Bad Image

    (A day like every day in Redmond)

  21. Re:Before anyone goes off bashing MS... by Saige · · Score: 1, Funny

    Shhh... quiet!

    Don't you realize you've said two things that will get you lynched by the Slashdot crowd? First, you point out that the vulnerability isn't in MS code. Second, you mention that they're using an open source library!

    You're probably marked for death now by the Slashdot enforcers. Hope you had fun living.

    --
    "You know your god is man-made when he hates all the same people you do."
  22. Re:Still think by Anonymous Coward · · Score: 3, Funny

    Don't worry, I've sent everyone the patch via a .png file.

  23. Re:MS Security Chief Says Windows is Safer Than Li by XMyth · · Score: 3, Funny

    I don't think you understand.

    1. Claim Linux is more secure than windows.
    2. Someone finds exploit in Linux
    3. Cry FUD
    4. Profit

  24. Re: Where are the Cherubs? by Black+Parrot · · Score: 2, Funny


    > Never read Snow Crash, but the proper pluralization of cherub is cherubim. (::seraph:seraphim::nephil:nephilim, etc.)

    ::virus:viriim:: ?

    --
    Sheesh, evil *and* a jerk. -- Jade
  25. Re:Where are the Cherubs? by k96822 · · Score: 2, Funny

    However, if we ever develop artificial intelligence, I truly feel sorry for any robots produced by Microsoft ;).

    Oh, that's just peachy. An army of Microsoft Robots (TM), all with their security holes, easily programmed to destroy humanity. Good thing they won't work long enough before a reboot to do too much damage!

  26. Re:Where are the Cherubs? by Dr+Caleb · · Score: 2, Funny

    The images wouldn't only affect your computer, but your brain as well.

    So instead of Cherubs, they have Tub Girl.

    Did I really just write that? :P

    --
    "History doesn't repeat itself, but it does rhyme." Mark Twain