Slashdot Mirror


Image Causes Exploitable Overflow in Microsoft Products

Em Adespoton writes "Core Security researchers discovered that by selecting a specially-crafted graphic as the user's display picture in MSN Messenger, an attacker could trigger a buffer overflow vulnerability on the chat partner's computer. Through this, it is possible to covertly take over machines running instant messaging software. Windows Messenger and Windows Media Player are also affected by this vulnerability. The story is also available at Newsfactor.com and SearchSecurity.com."

8 of 291 comments

  1. Already fixed by dreamt · · Score: 4, Informative

    After RTFMing, this was part of this week's Microsoft patches.

  2. Re:That's genius... by robslimo · · Score: 5, Informative

    Is this one at all related to the previous image library flaws (the vulnerability for which the GDI detection tool was released to identify any Windows apps that were affected)?

    Oh, wait, I think I found it! A patch was released for PNG processing flaws on Tuesday this week; among the affected software: Microsoft MSN Messenger.

  3. They're wrong about PNG by BluhDeBluh · · Score: 5, Informative

    They've said that PNG stands for "Proprietary Network Graphics". In fact, this is very wrong - it's not proprietary at all. The idea of the format is that it _ISN'T_ proprietary - it's free as in speech, free as in beer, free as in patents.

    PNG really stands for Portable Network Graphics. And I hope that people don't get confused and start blaming the PNG file format for a bug that is MS's fault.

  4. Before anyone goes off bashing MS... by k98sven · · Score: 5, Informative

    Perhaps one should take note that this overflow bug is not in MS code, but in the open-source LibPNG, which MS used.

    And it's also included in most Linux distros.

    If MS is to blame, it's for their lousy reaction speed. This vulnerability has been known for months.

  5. The exploit..... by FreshlyShornBalls · · Score: 5, Informative

    .....is already out.

    --
    This space intentionally left blank.

  6. Re:When will this stop being "news?" by Strudelkugel · · Score: 4, Informative

    The patch was released on Feb 8, the story comes out on Feb 11. Right, not much to see here.

    Maybe the RAF has a big PowerPoint that's of interest on web server somewhere...

    --
    Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe

  7. 6 months to patch a known vulnerability by hweimer · · Score: 4, Informative

    The vulnerability is described in MS05-009 which refers to CAN-2004-0597. This is a buffer overflow in libpng which was fixed in early August last year. So Microsoft needed six months to fix a publicly known vulnerability.

    --
    OS Reviews: Free and Open Source Software

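The libpng overflow referenced above (CAN-2004-0597) is the classic case of a decoder copying a chunk of attacker-declared length into a fixed-size table. The following C program is an added illustration, not libpng's code and not Microsoft's: it walks PNG chunks from an in-memory buffer and shows the two length checks a decoder needs (declared chunk length against the bytes actually present, and tRNS length against the 256-entry palette table). The choice of the tRNS chunk and the table size are assumptions made for the illustration; the sample image bytes are constructed inline and CRCs are not verified.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added illustration, not libpng code: a PNG chunk walker showing the
 * length checks whose absence lets a malformed chunk overflow a
 * fixed-size table inside a decoder. */

#define MAX_PALETTE 256               /* PNG allows at most 256 PLTE entries */

typedef struct {
    uint8_t trans_alpha[MAX_PALETTE]; /* fixed-size table: one alpha byte per palette entry */
    uint32_t num_trans;
} png_state;

static const uint8_t PNG_SIG[8] = {0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a};

static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Copy a tRNS chunk into the state. Returns 0 on success, -3 if the chunk
 * claims more entries than the destination table can hold. Without the
 * first test, memcpy would write past the end of trans_alpha. */
int handle_trns(png_state *st, const uint8_t *data, uint32_t len) {
    if (len > MAX_PALETTE) return -3;          /* bounds check against the fixed table */
    memcpy(st->trans_alpha, data, len);
    st->num_trans = len;
    return 0;
}

/* Walk the chunk list. Returns the number of chunks processed, or a negative
 * code: -1 bad signature, -2 a chunk runs past the end of the buffer,
 * -3 oversized tRNS. CRCs are not verified here (a real decoder checks them). */
int parse_png_chunks(const uint8_t *buf, size_t len, png_state *st) {
    if (len < 8 || memcmp(buf, PNG_SIG, 8) != 0) return -1;
    size_t pos = 8;
    int count = 0;
    memset(st, 0, sizeof *st);
    while (pos + 12 <= len) {                  /* 4 length + 4 type + 4 CRC */
        uint32_t clen = rd32(buf + pos);
        const uint8_t *type = buf + pos + 4;
        if (clen > len - pos - 12) return -2;  /* declared length exceeds data present */
        const uint8_t *data = buf + pos + 8;
        if (memcmp(type, "tRNS", 4) == 0) {
            int rc = handle_trns(st, data, clen);
            if (rc) return rc;
        }
        count++;
        if (memcmp(type, "IEND", 4) == 0) break;
        pos += 12 + (size_t)clen;
    }
    return count;
}

/* Build a constructed paletted PNG skeleton (IHDR, tRNS, IEND) whose tRNS
 * chunk carries trns_len bytes. Returns bytes written, or 0 if cap is too small. */
size_t build_sample(uint8_t *out, size_t cap, uint32_t trns_len) {
    size_t need = 8 + (12 + 13) + (12 + (size_t)trns_len) + 12;
    if (cap < need) return 0;
    uint8_t *p = out;
    memcpy(p, PNG_SIG, 8); p += 8;
    wr32(p, 13); memcpy(p + 4, "IHDR", 4);
    memset(p + 8, 0, 13);
    wr32(p + 8, 1); wr32(p + 12, 1);           /* 1x1 image */
    p[16] = 8; p[17] = 3;                       /* bit depth 8, colour type 3 (palette) */
    wr32(p + 21, 0); p += 25;                   /* CRC placeholder, not checked */
    wr32(p, trns_len); memcpy(p + 4, "tRNS", 4);
    memset(p + 8, 0x80, trns_len);
    wr32(p + 8 + trns_len, 0); p += 12 + trns_len;
    wr32(p, 0); memcpy(p + 4, "IEND", 4); wr32(p + 8, 0); p += 12;
    return (size_t)(p - out);
}

int main(void) {
    uint8_t img[1024];
    png_state st;
    size_t n = build_sample(img, sizeof img, 2);
    int rc = parse_png_chunks(img, n, &st);
    printf("well-formed: rc=%d num_trans=%u\n", rc, st.num_trans);
    n = build_sample(img, sizeof img, 300);    /* tRNS longer than any palette */
    printf("oversized tRNS: rc=%d\n", parse_png_chunks(img, n, &st));
    return 0;
}
```

The first check (`clen > len - pos - 12`) stops a decoder reading past the input; the second (`len > MAX_PALETTE`) stops it writing past its own table. A hardened decoder rejects the chunk outright rather than clamping it, since a silently truncated palette can itself mask later errors.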
  8. Re:Removing MSN Messenger doesn't actually remove by MrP-(at+work) · · Score: 5, Informative

    Yeah, that never uninstalls it.

    You have to manually call the uninstall section of the MSN Messenger INF file. I've done it so many times I type it from memory.

    Go to Start > Run, and type
    rundll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove
    Make sure MSN Messenger is closed first so it won't error when it unregisters the DLL files.