Slashdot Mirror


Image Causes Exploitable Overflow in Microsoft Products

Em Adespoton writes "Core Security researchers discovered that by selecting a specially-crafted graphic as the user's display picture in MSN Messenger, an attacker could trigger a buffer overflow vulnerability on the chat partner's computer. Through this, it is possible to covertly take over machines running instant messaging software. Windows Messenger and Windows Media Player are also affected by this vulnerability. The story is also available at Newsfactor.com and SearchSecurity.com."


  1. That's genius... by Assmasher · · Score: 1, Informative

    Use the old security notification for image library overflows and do nothing new with it except use the image code running in messenger. WOW, that's news...

    1. Re:That's genius... by robslimo · · Score: 5, Informative

      Is this one at all related to the previous image library flaws (the vulnerability for which the GDI detection tool was released to identify any Windows apps that were affected)?

      Oh, wait, I think I found it! A patch was released for PNG processing flaws on Tuesday this week; among the affected software: Microsoft MSN Messenger.

  2. Already fixed by dreamt · · Score: 4, Informative

    After RTFMing, this was part of this week's Microsoft patches.

  3. They're wrong about PNG by BluhDeBluh · · Score: 5, Informative

    They've said that PNG stands for "Proprietary Network Graphics". In fact, this is very wrong - it's not proprietary at all. The idea of the format is that it _ISN'T_ proprietary - it's free as in speech, free as in beer, free as in patents.

    PNG really stands for Portable Network Graphics. And I hope that people don't get confused and start blaming the PNG file format for a bug that is MS's fault.

  4. Before anyone goes off bashing MS... by k98sven · · Score: 5, Informative

    Perhaps one should take note that this overflow bug is not in MS code, but in the open-source LibPNG, which MS used.

    And it's also included in most Linux distros.

    If MS is to blame, it's for their lousy reaction speed. This vulnerability has been known for months.

  5. The exploit..... by FreshlyShornBalls · · Score: 5, Informative

    .....is already out.

    --
    This space intentionally left blank.
  6. From TFA: Proprietary Network Graphics (PNG)!?! by denis-The-menace · · Score: 3, Informative

    God damned stupid people!
    It's Portable Network Graphics
    http://en.wikipedia.org/wiki/Png

    --
    Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
  7. Re:When will this stop being "news?" by Strudelkugel · · Score: 4, Informative

    The patch was released on Feb 8, the story comes out on Feb 11. Right, not much to see here.

    Maybe the RAF has a big PowerPoint that's of interest on web server somewhere...

    --
    Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
  8. 6 months to patch a known vulnerability by hweimer · · Score: 4, Informative

    The vulnerability is described in MS05-009 which refers to CAN-2004-0597. This is a buffer overflow in libpng which was fixed in early August last year. So Microsoft needed six months to fix a publicly known vulnerability.

    --
    OS Reviews: Free and Open Source Software
  9. Remember that this "exploit" doesn't count by Corellon+Larethian · · Score: 2, Informative

    Against Windows, because Messenger isn't part of the "core" functionality of Windows.

    However...

    The mailman exploit counts against Redhat Enterprise, because it ships with the distribution.

    (just squint really hard, and you'll be able to clearly see what I'm talking about)

  10. Re:Where are the Cherubs? by br0ck · · Score: 2, Informative

    ??SPOILER?? Cheers for trying to make this exploit fit the story, but unless I'm forgetting something, it wasn't the avatar doing the infecting. It was an assassin killing key hackers within the metaverse. The attacker showed a screen to intended victims which displayed 'snow'--like a TV tuned with no signal--which contained a message that crashed the victim's brain, turning them into a useless vegetable.

  11. Re:Removing MSN Messenger doesn't actually remove by MrP-(at+work) · · Score: 5, Informative
    Yeah that never uninstalls it

    You have to manually call the uninstall section of the MSN Messenger INF file.. I've done it so many times I type it from memory..

    go to start>run, and type
    rundll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove
    make sure MSN Messenger is closed first so it won't error when it unregisters the DLL files
    --
    [an error occurred while processing this directive]
  12. Re:but its more secure than linux! by joeljkp · · Score: 2, Informative

    To add some sanity to this discussion, here's some facts:

    The MS bulletin and patch: http://www.microsoft.com/technet/security/Bulletin/MS05-009.mspx

    It's a vulnerability in libpng that was just patched by MS Tuesday, but was fixed by everyone else when it was discovered last June.

    --
    WeRelate.org - wiki-based genealogy
  13. Re:Talk about Timing! by joeljkp · · Score: 2, Informative

    You're not making any sense. The issue was with libpng, which is used by pretty much every image-capable platform in existence. Everyone else patched it when it was discovered last summer, though.

    The real question to ask is "Why did it take MS so long to remember it had used a vulnerable version in MSN Messenger?"

    --
    WeRelate.org - wiki-based genealogy
  14. Re:Stupid question: by pavon · · Score: 2, Informative

    Yes, the flaw is actually in the open source library libpng. It was discovered and fixed back in August. Any application that uses an old version of this library is affected. This included Mozilla and Firefox, which both released fixed versions within a day of the libpng patch. Internet Explorer is not affected by this exploit as it does not use libpng.